CVE-2023-51371

Name of the Vulnerable Software and Affected Versions Bit Assist Chat Widget versions n/a through 1.1.9

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS in the Chat Widget, which includes features such as WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, and Customer Support Button with a floating Chat Widget.

Recommendations For versions n/a through 1.1.9, update to a version later than 1.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the Chat Widget until a patch is available. Avoid using the Chat Widget with untrusted input until the issue is resolved. At the moment, there is no information about additional mitigation measures.