Vulnerability Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS.This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget: from n/a through 1.1.9.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitapps | Bit Assist | <= 1.1.9 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/bit-assist/wordpress-chat-button-pThird Party Advisory
- https://patchstack.com/database/vulnerability/bit-assist/wordpress-chat-button-pThird Party Advisory
FAQ
What is CVE-2023-51371?
CVE-2023-51371 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messeng...
How severe is CVE-2023-51371?
CVE-2023-51371 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-51371?
Check the references section above for vendor advisories and patch information. Affected products include: Bitapps Bit Assist.