128 matches found
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could execute arbitrary JavaScript on a user...
CVE-2024-9141
Cross-Site Scripting XSS vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...
CVE-2024-9141 Cross-Site Scripting (XSS) vulnerability in Oct8ne
Cross-Site Scripting XSS vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...
LoLLMs Cross-Site Scripting Vulnerability
LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...
CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API DMAPI chat channel cache can possibly be poisoned by a tgstation-server TGS restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
CVE-2023-28356
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming 120% CPU and rendering the service unresponsive...
Cross site scripting
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the...
New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol XMPP messages and execute malicious code. Tracked from CVE-2022-2278...
CVE-2022-27850
Cross-Site Request Forgery CSRF in Simple Ajax Chat WordPress plugin = 20220115 allows an attacker to clear the chat log or delete a chat message...
CVE-2022-27850
Cross-Site Request Forgery CSRF in Simple Ajax Chat WordPress plugin = 20220115 allows an attacker to clear the chat log or delete a chat message...
CVE-2022-25642
Obyte formerly Byteball Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...
Remote code execution
Obyte formerly Byteball Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...
CVE-2021-33672
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...
CVE-2021-33672
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...
CVE-2021-32795
ArchiSteamFarm (ASF) is affected by CVE-2021-32795, a DoS that allows a remote attacker to crash a v4.x ASF instance by sending a specially crafted Steam chat message. The attacker does not need authentication and must know ASF’s CommandPrefix; many deployments use the default. The issue is fixed...
CVE-2021-32689
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...
Nextcloud Talk not properly disassociating users from chats after account deletion
None...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Workscout Core Plugin versions prior to...
Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
A zero-click remote code execution RCE bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security...