Untriaged
Permalink
CVE-2023-34006
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress Telegram Bot & Channel Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.
References
- https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-b… vdb-entry
- https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-b… vdb-entry x_transferred
- https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-b… vdb-entry
- https://patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-b… vdb-entry x_transferred
Affected products
telegram-bot
- =<3.6.2
Matching in nixpkgs
pkgs.telegram-bot-api
Telegram Bot API server
-
nixos-unstable -
- nixpkgs-unstable 8.2
pkgs.haskellPackages.telegram-bot-api
Easy to use library for building Telegram bots. Exports Telegram Bot API.
-
nixos-unstable -
- nixpkgs-unstable 7.4.5
pkgs.haskellPackages.telegram-bot-simple
Easy to use library for building Telegram bots
-
nixos-unstable -
- nixpkgs-unstable 0.14.4
pkgs.python312Packages.python-telegram-bot
Python library to interface with the Telegram Bot API
-
nixos-unstable -
- nixpkgs-unstable 22.3
pkgs.python313Packages.python-telegram-bot
Python library to interface with the Telegram Bot API
-
nixos-unstable -
- nixpkgs-unstable 22.3
Package maintainers
-
@pingiun Jelle Besseling <nixos@pingiun.com>
-
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
-
@Anillc Anillc <i@anillc.cn>
-
@nartsisss Daniil Nartsissov <nartsiss@proton.me>
-
@Forden Forden <forden@zuku.tech>