ClickDesk 4.3 Cross Site Scripting

2014.03.05
Credit: Owais Mehtab
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

ClickDesk Multiple Persistent XSS

Details
========================================================================================
Product: ClickDesk a [ cross platform live chat and support plugin ]
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: https://www.clickdesk.com/
Advisory-Status: NotPublished

Credits
========================================================================================
Discovered by: Owais Mehtab
Greets To: Mirza Burhan Baig, Muhammad Waqar, Muhammad Ali Baloch, Navaid Zafar Ansari

Affected Products:
========================================================================================
ClickDesk <=4.3
Tested on WordPress 3.8.1

Description
========================================================================================
"Live Chat Plugin"

More Details
========================================================================================
I have discovered a persistent cross-site scripting (XSS) vulnerability inside ClickDesk. The vulnerability can be easily exploited and can be used to steal cookies, perform phishing attacks and other various attacks compromising the security of a user.

Proof of Concept
========================================================================================

1-Live Chat XSS
---------------
Go to any website having ClickDesk Live Chat installed, click on the "Live Chat widget" and set the below vector in the name field:

    "><img src=O onerror=prompt(document.cookie);>

Now click on initiate chat.
Wollah.. here you go with your own Cookie!

2-Email XSS
-----------
Go to any website having ClickDesk Live Chat installed, click on the "Live Chat widget", this time select the email option and set the below vector in the message field:

    "><img src=O onerror=prompt(document.cookie);>

Now click on submit.
Wollah.. again here you go with your own Cookie!

Solution
========================================================================================
Edit the source code to ensure that input is properly sanitised.
-- Regards, Owais Mehtab
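
The fix named under "Solution", as an added example that is not part of the original advisory and not ClickDesk code: the vulnerable concatenation pattern beside an output-encoded version, checked against the vector quoted above. The template, function names and length limits are assumptions; the advisory does not show how the plugin renders the name or message fields.

```javascript
// Added example: template, function names and limits are hypothetical,
// not taken from ClickDesk.

// Vector quoted in the advisory's proof of concept.
const ADVISORY_VECTOR = '"><img src=O onerror=prompt(document.cookie);>';

// Vulnerable pattern: visitor-supplied fields concatenated into markup.
// The leading "> closes the attribute and the tag, so the rest parses as HTML.
function renderUnsafe(name, message) {
  return '<div class="chat-line"><input type="hidden" name="visitor" value="' +
    name + '"><p>' + message + '</p></div>';
}

// Encode the characters that can change the HTML parsing context.
// Valid for element text and quoted attribute values only; URLs, inline
// script and style contexts need their own encoders.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: bound the input length, then encode at the point of output.
function renderSafe(name, message) {
  const n = escapeHtml(String(name).slice(0, 64));
  const m = escapeHtml(String(message).slice(0, 2000));
  return '<div class="chat-line"><input type="hidden" name="visitor" value="' +
    n + '"><p>' + m + '</p></div>';
}

// Count opening tags a browser would parse. A count above the template's own
// three (div, input, p) means a field escaped its context.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log('unsafe tags:', countTags(renderUnsafe(ADVISORY_VECTOR, ADVISORY_VECTOR)));
console.log('safe tags:  ', countTags(renderSafe(ADVISORY_VECTOR, ADVISORY_VECTOR)));
```

Because both fields are stored and later shown to other users, the encoding has to be applied wherever the stored value is rendered, not only in the widget that first accepts it.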

