42 matches found
CVE-2026-2987
The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
EUVD-2006-3964
Malware in sbrugna...
CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php...
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This was partially fixed in 0240216 bu...
Simple Ajax Chat < 20240216 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Simple Ajax Chat Plugin < 20240223 is vulnerable to Cross Site Scripting (XSS)
Software Simple Ajax Chat Type Plugin Vulnerable versions 20240223 Fixed in 20240223 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1983 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 67c9eb2499f7 Credits fourcade...
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. PoC await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...
WordPress Simple Ajax Chat plugin information disclosure vulnerability
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Simple Ajax Chat plugin has an information disclosure vulnerability, no detailed vulnerability details are provided...
WordPress Simple Ajax Chat plugin cross-site request forgery vulnerability
WordPress is a product of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Simple Ajax Chat plugin has a cross-site request forgery vulnerability, whic...
WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Ex.Mi (Patchstack) in WordPress Simple Ajax Chat plugin (versions <= 20220115). Solution: Update the WordPress Simple Ajax Chat plugin to the latest available version (at least 20220216)...
WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability
Multiple Cross-Site Request Forgery (CSRF) vulnerability discovered by Ex.Mi (Patchstack) in WordPress Simple Ajax Chat plugin (versions <= 20220115). Solution: Update the WordPress Simple Ajax Chat plugin to the latest available version (at least 20220216)...
Simple Ajax Chat < 20220216 - Log Clearing & Arbitrary Chat Message Deletion via CSRF
The plugin does not have a CSRF check in place when clearing chat logs and deleting a chat message, which could allow attackers to make a logged-in admin perform such actions via a CSRF attack...
Cross site scripting
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...
Sql injection
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field...
Ajax Chat 0.1 operator_chattranscript.php chatid Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/19238/info AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the directory-traversal...
MyBB AJAX Chat - Persistent XSS Vulnerability
No description provided by source. Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability lies within the...
MyBB AJAX Chat - Persistent Cross-Site Scripting
MyBB AJAX Chat - Persistent Cross-Site Scripting Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability li...
HTB22995: XSS in Ajax Chat
Vulnerability ID: HTB22995 Reference: http://www.htbridge.ch/advisory/xssinajaxchat.html Product: Ajax Chat Vendor: php-development.ru Vulnerable Version: 1 Vendor Notification: 10 May 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Bridge SA Security Resear...