CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

6.1CVSS5.2AI score0.00131EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:6 p.m.•4 views

CVE-2022-39279

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting XSS attack by inserting unsafe HTML into them...

5.4CVSS5.6AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:54 a.m.•5 views

CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

6.5CVSS6.7AI score0.00438EPSS

Exploits1References1

NVD•added 2024/06/27 7:15 p.m.•16 views

CVE-2024-5933

6.1CVSS0.00131EPSS

Exploits1References1

Cvelist•added 2024/06/27 6:46 p.m.•13 views

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

6.1CVSS0.00131EPSS

Exploits1References1

Vulnrichment•added 2024/06/27 6:46 p.m.•13 views

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

6.1CVSS6AI score0.00131EPSS

Exploits1References1

Vulnrichment•added 2024/04/10 5:8 p.m.•13 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...

5.7AI score0.00089EPSS

Exploits1References2

Cvelist•added 2024/04/10 5:8 p.m.•17 views

CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm

3.8AI score0.00089EPSS

Exploits1References2

Positive Technologies•added 2024/04/10 12:0 a.m.•1 views

PT-2024-26648 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: anything-llm affected versions not specified Description: A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating...

5.4CVSS3.6AI score0.00089EPSS

Exploits1References7

Vulnrichment•added 2024/03/07 3:14 a.m.•7 views

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records...

8.8CVSS8.1AI score0.00086EPSS

Exploits0References2

Cvelist•added 2024/03/07 3:14 a.m.•13 views

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records...

8.8CVSS9.3AI score0.00086EPSS

Exploits0References2

CVE•added 2024/03/07 3:14 a.m.•52 views

CVE-2024-28094

CVE-2024-28094 affects the Schoolbox application’s chat functionality prior to version 23.1.3. The issue is a blind SQL Injection that authenticated attackers can exploit to read, modify, and delete database records. Multiple sources confirm the vulnerability in Schoolbox before 23.1.3 and indica...

8.8CVSS9.1AI score0.00086EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/10/06 12:0 a.m.•10 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

4.3CVSS5.5AI score0.00219EPSS

Exploits0References2

Vulnrichment•added 2022/01/18 9:55 p.m.•3 views

CVE-2022-21695 Improper Access Control in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users or unauthenticated in public mode can send messages without being visible in the list of chat participants. Th...

4.3CVSS7.1AI score0.00278EPSS

Exploits0References2