68 matches found
CVE-2025-56514
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users...
PT-2025-40248
Name of the Vulnerable Software and Affected Versions Fiora chat application version 1.0.0 Description A Cross Site Scripting XSS issue exists in the Fiora chat application. The application allows the execution of arbitrary JavaScript code when malicious SVG files are rendered by other users...
Fiora 跨站脚本漏洞
Fiora - is a chat application by yinxin630 individual developer. A cross-site scripting vulnerability exists in Fiora version 1.0.0, which originates from the execution of arbitrary JavaScript while rendering a malicious SVG file, and could lead to a cross-site scripting attack...
CVE-2025-53940
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not constant-time comparison function for tok...
CVE-2025-52559
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...
CVE-2024-10433
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched...
CVE-2022-4902
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...
CVE-2002-2184
Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet...
CVE-2025-47930
Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...
Chat App Used by Trump Admin Suspends Operation Amid Hack
TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…...
CVE-2025-25195
Zulip is an open source team chat application. A weekly cron job added in 50256f48314250978f521ef439cafa704e056539 demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users in...
CVE-2024-10432
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched...
CVE-2024-10433
The CVE-2024-10433 issue affects Project Worlds Simple Web-Based Chat Application 1.0. The vulnerability is a cross-site scripting flaw in the /index.php page, triggered by manipulating the Name/Comment parameter. It is described as exploitable remotely, with public disclosure of exploits. The av...
CVE-2024-10432 Project Worlds Simple Web-Based Chat Application index.php sql injection
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched...
WP Chat App < 3.6.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
CVE-2022-4902
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...
Cross site scripting
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...
CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...
CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...