52 matches found
CVE-2025-63710
The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...
EUVD-2007-0831
Malware in sbrugna...
EUVD-2022-5492
Malicious code in bioql PyPI...
Code-Projects Public Chat Room Code Injection Vulnerability
Code-Projects Public Chat Room is open source public chat room software from Code-Projects. Code-Projects Public Chat Room version 1.0 suffers from a code injection vulnerability, which originates from a cross-site scripting attack due to incorrect manipulation of the chatmsg/yourname parameter in the...
CVE-2023-23911
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...
CVE-2023-23911
The CVE-2023-23911 issue is an improper access control vulnerability in Rocket.Chat prior to v6 that could allow an attacker to break the E2E chat-room encryption by changing the group key. Root cause: a user can modify the group key via server-side operations, enabling access to encrypted messag...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. An information disclosure vulnerability exists in versions of Discourse prior to 2.8.13, prior to 2.9.0.beta14, and prior to 2.9.0.tests-passed beta14. The vulnerability stems...
ERPNext Security Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext versions v11.0.0-beta through v13.0.2, which stems from a lack of authorization in the chat room functionality, and can be exploited by an attacker to send a...
GHSA-W47G-4VRC-M3W2 Cross-site Scripting in Apache Pluto Chatroom demo
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: uninstall the ChatRoomDemo war file, or migrate to version 3.1.0 of the chat-room-demo war file...
Discourse has an unspecified vulnerability (CNVD-2022-05505)
Discourse is an open source community discussion platform that includes community, email, and chat room features. A security vulnerability exists in Discourse, which stems from the fact that users invited via email to a forum with "must approve users" enabled will automatically log in, bypassing...
Discourse Information Disclosure Vulnerability (CNVD-2022-05504)
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an information disclosure vulnerability that could be exploited by attackers to obtain private configuration files...
Discourse Information Disclosure Vulnerability (CNVD-2022-05506)
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. Discourse suffers from an information disclosure vulnerability for which no detailed vulnerability details are currently available...
Discourse has an unspecified vulnerability (CNVD-2022-05508)
Discourse is an open source community discussion platform that includes community, email and chat room features. discourse-footnote has a security vulnerability that could be exploited to trigger null-reference JavaScript errors...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90757)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...
Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90759)
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited...
CVE-2021-33492
OX App Suite 7.10.5 allows XSS via an OX Chat room name...
Cross site scripting
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering...