CVE-2019-25737

MEDIUM WAF: High

CVSS 6.1 Published: 2026-06-04

CWE-79

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie theft or forced redirects to malicious websites.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

codecanyon.net
screets.com
www.exploit-db.com
www.vulncheck.com

Back to CVE Database