26 matches found
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
PT-2026-30560
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...
CVE-2025-51397
A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...
CVE-2025-51397
CVE-2025-51397 is a stored XSS in Live Helper Chat (Facebook Chat module) affecting version 4.60 (and around 4.61 according to some sources). The vulnerability occurs when an attacker injects a crafted payload into the Recipient List’s Surname field, which is stored and can execute script when an...
CVE-2025-51397
A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...
CVE-2013-0318
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors...
CVE-2023-45149
CVE-2023-45149 affects Nextcloud Talk. Root cause: brute-force protection for public talk conversation passwords can be bypassed because the authentication endpoint validates the password without applying bruteforce protection. Affected: Nextcloud Talk versions prior to 15.0.8, 16.0.6, or 17.1.1....
Nextcloud: [Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS
I found stored XSS vulnerability in nextcloud server's chat module Nextcloud Server version - 9.0.51 OS - Ubuntu 14.0.4 Browser - Internet Explorer 11 Steps: 1 Login as non-admin userattacker and change full name containing XSS payload - elamaran'"alertdocument.domain 2 Login as...
activeCollab Chat Module Arbitrary PHP Code Execution (CVE-2012-6554)
A code execution vulnerability exists in Chat module for activeCollab.The vulnerability is due to a flaw that is triggered by the pregreplace function.A remote attacker may exploit this vulnerability by evaluating a string with complex curly syntax, allowing for the execution of arbitrary code...
Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Design/Logic Flaw
mod/chat/guisockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access...
Session fixation
functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the pregreplace function with the eval switch...
CVE-2012-6554
Summary: CVE-2012-6554 is an arbitrary PHP code execution in the Active Collab Chat Module for versions prior to 1.5.2, exploitable by remote authenticated users via the message[message_text] field in chat/add_messag. The root cause is improper handling during preg_replace with the eval switch, e...
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Active Collab "chat module" %q This...
Active Collab "chat module" Remote PHP Code Injection Exploit
This module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab versions 2.3.8 and earlier by abusing a pregreplace using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in...
Active Collab "chat module" <= 2.3.8 Remote PHP Code Injection Exploit
Exploit for php platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' cla...
CVE-2010-4988
PHP remote file inclusion vulnerability in modchatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPLpath parameter...
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution
PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL...