Browse all 9 CVE security advisories affecting Elfsight. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Elfsight provides website widgets and plugins for businesses to integrate third-party functionality. Historically, vulnerabilities have frequently involved cross-site scripting (XSS) and remote code execution (RCE) due to improper input validation and insecure deserialization. Privilege escalation issues have also been documented in administrative interfaces. The platform's security posture has been impacted by multiple CVEs, with several critical flaws allowing unauthorized access or complete compromise of affected sites. While no major public breaches have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched implementations, particularly in environments where default credentials remain unchanged or security updates are delayed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10390 | Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — Elfsight Telegram Chat CC, CWE-862 | 6.4 | Medium | 2024-11-18 |
This page lists every published CVE security advisory associated with Elfsight. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.