179 matches found
PT-2026-28641
Name of the Vulnerable Software and Affected Versions: HiJiffy Chatbot (affected versions not specified). Description: An incorrect authorization issue exists in HiJiffy Chatbot that allows an attacker to download private messages from other users. This is achieved by exploiting the visitor parameter...
NotChatbot WebChat has a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
EUVD-2026-12866
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
GHSA-W3VX-52J6-9FJP NotChatbot WebChat has a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
CVE-2026-30048
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
CVE-2026-30048
NotChatbot WebChat widget up to version 1.4.4 is affected by a stored XSS due to improper sanitization of user input before storage and rendering in chat history. The issue appears across multiple independent implementations, indicating the vulnerability resides in the product itself rather than ...
WebChat security vulnerability
WebChat is an online real-time chat service developed by NotChatbot’s individual developer and designed for website integration. WebChat versions 1.4.4 and earlier contain security vulnerabilities. These vulnerabilities stem from improper sanitization of user input before it was stored and...
PT-2026-26106
A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...
GHSA-MQPW-46FH-299H OpenClaw authorization bypass: operator.write can resolve exec approvals via chat.send -> /approve
Summary. What this means (plain language): If you give a client “chat/write” access to the gateway (operator.write) but you do not intend to let that client approve exec requests (operator.approvals), affected versions could still let that client approve/deny a pending exec approval by sending the /appro...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
MAL-2025-191454 Malicious code in @freeday-ai/webchat (npm)
Source: amazon-inspector (c83e58d7d44e29e5ff1bbf1fde3e4796cb2a04716c72ccd63d1e9d5c98b5054e). The package @freeday-ai/webchat was found to contain malicious code. Source: ghsa-malware...
Malicious code in @freeday-ai/webchat (npm)
Source: amazon-inspector (c83e58d7d44e29e5ff1bbf1fde3e4796cb2a04716c72ccd63d1e9d5c98b5054e). The package @freeday-ai/webchat was found to contain malicious code. Source: ghsa-malware...
D-Link DI-7100G C1 openid parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...
D-Link DI-7100G C1 popupId parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter popupId in the file /webchat/hiblock.asp failing to properly validate the length...
EUVD-2008-1411
Malware in sbrugna...
EUVD-2002-2369
Malware in sbrugna...
EUVD-2007-3518
Malware in sbrugna...