Lucene search
K

68 matches found

RedhatCVE
RedhatCVE
added 2025/10/02 12:17 a.m.9 views

CVE-2025-56514

Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users...

6AI score0.00262EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.8 views

PT-2025-40248

Name of the Vulnerable Software and Affected Versions Fiora chat application version 1.0.0 Description A Cross Site Scripting XSS issue exists in the Fiora chat application. The application allows the execution of arbitrary JavaScript code when malicious SVG files are rendered by other users...

5.1CVSS6AI score0.00262EPSS
Exploits2References7
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.6 views

Fiora 跨站脚本漏洞

Fiora - is a chat application by yinxin630 individual developer. A cross-site scripting vulnerability exists in Fiora version 1.0.0, which originates from the execution of arbitrary JavaScript while rendering a malicious SVG file, and could lead to a cross-site scripting attack...

5.4CVSS6.1AI score0.00262EPSS
Exploits2References3
NVD
NVD
added 2025/07/24 11:15 p.m.28 views

CVE-2025-53940

Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not constant-time comparison function for tok...

8.5CVSS0.02649EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/04 8:27 p.m.9 views

CVE-2025-52559

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...

6.8CVSS5.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.12 views

CVE-2024-10433

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched...

6.1CVSS6.2AI score0.00393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.7 views

CVE-2022-4902

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...

6.1CVSS6.3AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:35 p.m.7 views

CVE-2002-2184

Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet...

5CVSS6.7AI score0.01104EPSS
Exploits1References1
NVD
NVD
added 2025/05/16 12:15 a.m.23 views

CVE-2025-47930

Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented by creating a private or web-public channel, and then changing the channel privacy to public. A similar technique...

5.3CVSS0.00286EPSS
Exploits0References4
HackRead
HackRead
added 2025/05/05 9:19 p.m.12 views

Chat App Used by Trump Admin Suspends Operation Amid Hack

TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/15 10:21 p.m.18 views

CVE-2025-25195

Zulip is an open source team chat application. A weekly cron job added in 50256f48314250978f521ef439cafa704e056539 demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users in...

4.3CVSS6.7AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:59 a.m.11 views

CVE-2024-10432

A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched...

9.8CVSS7.4AI score0.00611EPSS
Exploits1References1
CVE
CVE
added 2024/10/28 12:0 a.m.57 views

CVE-2024-10433

The CVE-2024-10433 issue affects Project Worlds Simple Web-Based Chat Application 1.0. The vulnerability is a cross-site scripting flaw in the /index.php page, triggered by manipulating the Name/Comment parameter. It is described as exploitable remotely, with public disclosure of exploits. The av...

6.1CVSS4AI score0.00393EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/27 11:31 p.m.14 views

CVE-2024-10432 Project Worlds Simple Web-Based Chat Application index.php sql injection

A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched...

7.5CVSS7.4AI score0.00611EPSS
Exploits1References4
wpexploit
wpexploit
added 2024/04/05 12:0 a.m.165 views

WP Chat App < 3.6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Navigate to http://vulnerable-site.tld/wp-admin/admin.php?page=ntawhatsappfloatingwidge...

6AI score0.00522EPSS
Exploits2References1
Malwarebytes
Malwarebytes
added 2024/02/13 4:38 p.m.30 views

Remote Monitoring &#038; Management software used in phishing attacks

Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...

7.7AI score
Exploits0
NVD
NVD
added 2023/02/06 7:15 p.m.23 views

CVE-2022-4902

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...

6.1CVSS4.5AI score0.00593EPSS
Exploits0References6
Prion
Prion
added 2023/02/06 7:15 p.m.18 views

Cross site scripting

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...

5.8CVSS6.1AI score0.00593EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/02/06 6:31 p.m.12 views

CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...

4CVSS6.2AI score0.00593EPSS
Exploits0References6
OSV
OSV
added 2023/02/06 6:31 p.m.23 views

CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting

A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible ...

3.5CVSS3.9AI score0.00593EPSS
Exploits0References8
Rows per page
Query Builder