Vendor
Crisp
Products
3
CVEs
3
Across products
3
Status
Private
Products
3- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7378 | Cri | 0.59 | 9.1 | 0.03 | Nov 24, 2020 | CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was… | ||
| CVE-2021-43353 | Hig | 0.57 | 8.8 | 0.01 | Jan 18, 2022 | The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and… | ||
| CVE-2024-27963 | Med | 0.42 | 6.5 | 0.00 | Mar 21, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44. |
- risk 0.59cvss 9.1epss 0.03
CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was…
- risk 0.57cvss 8.8epss 0.01
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44.