EUVD-2025-44061

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

CVE-2025-63710

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

SourceCodester Simple Public Chat Room 安全漏洞

SourceCodester Simple Public Chat Room is a simple public chat room in SourceCodester open source. A security vulnerability exists in SourceCodester Simple Public Chat Room version 1.0, which stems from the sendmessage.php endpoint that does not implement a CSRF protection mechanism, which could...

CVE-2025-63710

The CVE-2025-63710 entry concerns SourceCodester Simple Public Chat Room 1.0. The send_message.php endpoint is vulnerable to Cross-Site Request Forgery (CSRF) because there are no CSRF protections (tokens, nonces, or same-site cookies). An attacker could lure an authenticated user to a malicious ...

PT-2025-46161

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Public Chat Room version 1.0 Description The application lacks CSRF-protection mechanisms like tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an...

CVE-2025-63710

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

CVE-2025-63710

The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...

CVE-2025-0403

A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. Th...

PT-2024-36453 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...

PT-2024-36454 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /send message.php endpoint of the Kashipara E-learning Management System. This issue allows remote attackers to execute...