EUVD-2021-31013

Malicious code in bioql PyPI...

Chain Sea Ai Chatbot System code issue vulnerability

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, a Chinese company. or execute arbitrary code to take control of the system or terminate the service...

Chain Sea Ai Chatbot System Cross-Site Scripting Vulnerability

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System is vulnerable to a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...

Chain Sea Ai Chatbot System Path Traversal Vulnerability

Chain Sea Ai Chatbot System is an intelligent customer service software from Chain Sea, a Chinese company. An attacker could download arbitrary system files without authentication...

CVE-2021-44162

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication...

CVE-2021-44164

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or...

CVE-2021-44163

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

CVE-2021-44164 Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or...

CVE-2021-44164

The CVE-2021-44164 entry concerns Chain Sea AI chatbot system; its file upload function lacks robust filtering for special URL characters, allowing bypass of file type validation and remote code execution without authentication. Impact is system take-over or service termination as described; conn...

CVE-2021-44163 Chain Sea Information Integration Co., Ltd ai chatbot system - Reflected XSS

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

CVE-2021-44163

CVE-2021-44163 affects the Chain Sea AI chatbot backend. The issue arises from improper filtering of special characters in URL parameters, enabling a remote attacker to perform reflected XSS via JavaScript injection without authentication. Public references in the dataset corroborate a URL-parame...

CVE-2021-44162 Chain Sea Information Integration Co., Ltd ai chatbot system - Path Traversal

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication...

Chain Sea Ai Chatbot System 代码问题漏洞

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, a Chinese company. or execute arbitrary code to take control of the system or terminate the service...

Chain Sea Ai Chatbot System跨站脚本漏洞

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System is vulnerable to a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...

Chain Sea Ai Chatbot System 路径遍历漏洞

Chain Sea Ai Chatbot System is an intelligent customer service software from Chain Sea, a Chinese company. An attacker could download arbitrary system files without authentication...