Lucene search
+L

102 matches found

NVD
NVD
added 2025/09/12 3:15 p.m.12 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.3CVSS0.00178EPSS
Exploits0References1
OSV
OSV
added 2025/09/12 3:15 p.m.4 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.3CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 12:0 a.m.3 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

6.7AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.9 views

PT-2025-37322

Name of the Vulnerable Software and Affected Versions: Viber Desktop version 25.6.0 Description: Viber Desktop version 25.6.0 is susceptible to HTML Injection through the text parameter within the message compose/forward interface. Recommendations: As a temporary workaround, sanitize the text...

6.3CVSS6.8AI score0.00178EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/12 12:0 a.m.12 views

CVE-2025-55996

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...

0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/09/12 12:0 a.m.27 views

CVE-2025-55996

Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...

6.3CVSS6.7AI score0.00178EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.6 views

Rakuten Viber Desktop 安全漏洞

Rakuten Viber Desktop is an instant messaging software from Viber Luxembourg. A security vulnerability exists in Rakuten Viber Desktop version 25.6.0, which stems from improper handling of text parameters in the message compose or forward interface, which could lead to an HTML injection attack...

6.3CVSS6.9AI score0.00178EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:9 a.m.5 views

CVE-2024-12457

The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escapi...

6.4CVSS7.4AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.8 views

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

9.3CVSS7.4AI score0.15041EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 1:22 p.m.9 views

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionali...

5.5CVSS6.3AI score0.00376EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/07 7:46 a.m.3 views

WordPress Chat Support for Viber plugin <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Chat Support for Viber versions = 1.7.3...

6.4CVSS5.7AI score0.00305EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/07 4:22 a.m.44 views

CVE-2024-12457

CVE-2024-12457 : In the WordPress plugin “Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode” there is a Stored Cross‑Site Scripting vulnerability via the plugin shortcode ‘vchat’, affecting all versions up to 1.7.2 (per initial description). Exploitation ...

6.4CVSS7.4AI score0.00305EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.18 views

CVE-2024-12457 Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escapi...

6.4CVSS0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.4 views

WordPress plugin Chat Support for Viber 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4CVSS7.6AI score0.00305EPSS
Exploits0References2
HackRead
HackRead
added 2024/03/16 6:15 p.m.34 views

Hackers Claim Accessing 740GB of Data from Viber Messaging App

By Waqas Hackers claim to have breached Viber, stealing 740GB of data, including source code, and are now demanding ransom of 8 Bitcoin. This is a post from HackRead.com Read the original post: Hackers Claim Accessing 740GB of Data from Viber Messaging App...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/10/25 8:4 p.m.26 views

css.viber.com Open Redirect vulnerability OBB-3765633

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
HackRead
HackRead
added 2021/12/04 5:13 p.m.23 views

Malvertising attack distributes malicious Chrome extensions, backdoors

By Waqas Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield,...

3.3AI score
Exploits0
Metasploit
Metasploit
added 2021/09/28 5:42 p.m.102 views

Viber Credential Gatherer

This module searches for credentials in Viber desktop application on a Windows host. Viber is a cross-platform voice over IP and instant messaging software application. Module Options msf use post/windows/gather/credentials/viber msf postviber show actions ...actions... msf postviber set ACTION m...

7AI score
Exploits0
Hacker One
Hacker One
added 2020/07/27 2:43 p.m.77 views

Internet Bug Bounty: Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url)

Slides : https://docs.google.com/presentation/d/19WeQbqcOKnrSv1I3Z4sm-oNAf6IVzHwRyQP4i9BvY/editslide=id.g758ad3e04223231 See Blogpost for more details - https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa Summary Popular macOS apps with a file-sharing...

6.8CVSS6.6AI score0.02662EPSS
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.8 views

Viber URI Handling Vulnerability

Viber is a suite of cross-platform instant messaging software. A security vulnerability exists in Viber versions prior to 13.2.0.39 Windows that stems from not properly referencing its custom URI handler. An attacker can exploit the vulnerability by leveraging a malicious website that causes a us...

7.5CVSS7.3AI score0.02161EPSS
Exploits1References1
Rows per page
Query Builder