20 matches found
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931 Click2Magic 1.1.5 - Stored Cross-Site Scripting
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
EUVD-2026-4632
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931
Click2Magic 1.1.5 is affected by a stored cross-site scripting vulnerability in the chat name input. The condition allows attackers to inject scripts that can capture administrator cookies when the admin processes user requests. Reported CVSS details indicate Medium severity (CVSSv4 = 5.1; CVSSv3...
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931 Click2Magic 1.1.5 - Stored Cross-Site Scripting
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
PT-2026-4649
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
EUVD-2005-1193
Malware in sbrugna...
EUVD-2005-1192
Malware in sbrugna...
EUVD-2025-7266
Malicious code in bioql PyPI...
CVE-2025-30345
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...
Cross site scripting
Cross Site Scripting XSS vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
CVE-2024-24276
Cross Site Scripting XSS vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
Grouptime Teamwire Client Security Vulnerability
Grouptime Teamwire Client is an enterprise messaging client application from Grouptime Germany. A security vulnerability exists in Grouptime Teamwire Client versions v.2.0.1 through v.2.4.0. A remote attacker could exploit the vulnerability to obtain sensitive information via a specially crafted...
CVE-2024-24276
Cross Site Scripting XSS vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...
PT-2024-20334 · Teamwire · Teamwire Windows Desktop Client
Name of the Vulnerable Software and Affected Versions: Teamwire Windows desktop client versions 2.0.1 through 2.4.0 Description: A Cross Site Scripting XSS issue allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username, and group...
CVE-2007-1394
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...
Code injection
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...
CVE-2005-1190
WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered...
CVE-2005-1189
Cross-site scripting XSS vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites...