This page aggregates publicly disclosed CVE and security risk information related to crisp, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-27963 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44. | [email protected] | 6.5 | 0.15% | 2024-03-21 | 2026-04-28 |
| CVE-2021-43353 | The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31. | [email protected] | 8.8 | 0.08% | 2022-01-18 | 2025-02-14 |