PT-2018-14420 · Schiocco · Schiocco Support Board - Chat/Help Desk

Published

2018-10-17

Updated

2019-09-10

CVE-2018-18373

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Schiocco Support Board - Chat And Help Desk plugin version 1.2.3

Description A Stored XSS issue has been found in the file upload areas of the Chat and Help Desk sections. This is achieved via the msg parameter in the "/wp-admin/admin-ajax.php" API endpoint, specifically in the sb ajax add message action.

Recommendations For Schiocco Support Board - Chat And Help Desk plugin version 1.2.3, consider disabling the file upload feature in the Chat and Help Desk sections until a patch is available. Avoid using the msg parameter in the "/wp-admin/admin-ajax.php" API endpoint with the sb ajax add message action to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-18373

Affected Products

Schiocco Support Board - Chat/Help Desk

PT-2018-14420 · Schiocco · Schiocco Support Board - Chat/Help Desk

CVE-2018-18373

Weakness Enumeration

Related Identifiers

Affected Products

References · 4