Lucene search
+L

128 matches found

cnnvd
cnnvd
added 2024/10/07 12:0 a.m.5 views

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could execute arbitrary JavaScript on a user...

6.5CVSS6.2AI score0.0034EPSS
Exploits0References3
nvd
nvd
added 2024/09/25 1:15 a.m.25 views

CVE-2024-9141

Cross-Site Scripting XSS vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...

5.4CVSS0.00294EPSS
Exploits0References1
cvelist
cvelist
added 2024/09/24 10:50 a.m.26 views

CVE-2024-9141 Cross-Site Scripting (XSS) vulnerability in Oct8ne

Cross-Site Scripting XSS vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...

5.4CVSS0.00294EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/06/27 12:0 a.m.6 views

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...

6.1CVSS6.2AI score0.00351EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2023/05/30 4:37 a.m.10 views

CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...

6.1CVSS7.1AI score0.00635EPSS
Exploits0References3
cvelist
cvelist
added 2023/05/30 4:37 a.m.23 views

CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...

6.1CVSS7.9AI score0.00635EPSS
Exploits0References3
nvd
nvd
added 2023/05/11 10:15 p.m.14 views

CVE-2023-28356

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming 120% CPU and rendering the service unresponsive...

7.5CVSS7.5AI score0.00718EPSS
Exploits0References1
prion
prion
added 2023/03/17 3:15 p.m.14 views

Cross site scripting

Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the...

5.8CVSS5.9AI score0.0035EPSS
Exploits0References2Affected Software1
thn
thn
added 2022/05/25 4:59 a.m.86 views

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol XMPP messages and execute malicious code. Tracked from CVE-2022-2278...

9.1CVSS1.5AI score0.04301EPSS
Exploits0
osv
osv
added 2022/04/15 5:15 p.m.4 views

CVE-2022-27850

Cross-Site Request Forgery CSRF in Simple Ajax Chat WordPress plugin = 20220115 allows an attacker to clear the chat log or delete a chat message...

4.3CVSS5.8AI score0.00381EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/04/15 10:48 a.m.5 views

CVE-2022-27850

Cross-Site Request Forgery CSRF in Simple Ajax Chat WordPress plugin = 20220115 allows an attacker to clear the chat log or delete a chat message...

5.4CVSS4.9AI score0.00381EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2022/02/28 3:15 p.m.3 views

CVE-2022-25642

Obyte formerly Byteball Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...

6.1CVSS5.8AI score0.01434EPSS
Exploits0References4
prion
prion
added 2022/02/28 3:15 p.m.16 views

Remote code execution

Obyte formerly Byteball Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...

4.3CVSS6.7AI score0.01434EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2021/09/14 12:15 p.m.23 views

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

9.6CVSS0.011EPSS
Exploits0References2
osv
osv
added 2021/09/14 12:15 p.m.5 views

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

9.6CVSS5.8AI score0.011EPSS
Exploits0References2
cve
cve
added 2021/07/26 7:25 p.m.71 views

CVE-2021-32795

ArchiSteamFarm (ASF) is affected by CVE-2021-32795, a DoS that allows a remote attacker to crash a v4.x ASF instance by sending a specially crafted Steam chat message. The attacker does not need authentication and must know ASF’s CommandPrefix; many deployments use the default. The issue is fixed...

6.5CVSS6.3AI score0.01717EPSS
Exploits1References3Affected Software1
osv
osv
added 2021/07/12 7:15 p.m.18 views

CVE-2021-32689

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

6.5CVSS6.6AI score
Exploits0References5
nextcloud
nextcloud
added 2021/07/12 9:17 a.m.57 views

Nextcloud Talk not properly disassociating users from chats after account deletion

None...

8.1CVSS6.4AI score0.01EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2021/05/06 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Workscout Core Plugin versions prior to...

5.4CVSS5.5AI score0.00659EPSS
Exploits2References2
thn
thn
added 2020/12/08 6:31 a.m.7 views

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

A zero-click remote code execution RCE bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security...

7.8CVSS8.1AI score0.01831EPSS
Exploits0
Rows per page
Query Builder