316 matches found
CVE-2023-4497
CVE-2023-4497 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored XSS in the Icon parameter, reachable via POST to /registresult.htm and loading data from /users.ghp. Descriptions in multiple sources confirm the issue; CVSS v3.1 base score 6.1 (MEDIUM) with network a...
CVE-2023-4497 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Icon parameter. The XSS is loaded from /users.ghp...
CVE-2023-4496 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /body2.ghp POST method, in the mtowho parameter...
CVE-2023-4496
CVE-2023-4496 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored Cross-Site Scripting (XSS) in the mtowho parameter of the POST endpoint /body2.ghp, caused by insufficient input encryption. Impact details are limited to XSS risk; no exploit details or active exploit...
CVE-2023-4496 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /body2.ghp POST method, in the mtowho parameter...
CVE-2023-4495 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...
CVE-2023-4495 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...
CVE-2023-4495
The CVE-2023-4495 entry documents an XSS vulnerability in Easy Chat Server (version 3.1 and earlier). The issue arises from insufficient sanitization of user-controlled input stored via the POST endpoint /registresult.htm in the Resume parameter, with the XSS payload being loaded from /register.g...
CVE-2023-4494 Easy Chat Server Stack-based buffer overflow vulnerability
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine...
CVE-2023-4494
CVE-2023-4494 concerns Easy Chat Server 3.1. It is described as a stack-based buffer overflow in the handling of a username when accessed via the register.ghp file through a GET request, potentially enabling arbitrary code execution on the remote host. The vulnerability is rated with a high/criti...
CVE-2023-4494 Easy Chat Server Stack-based buffer overflow vulnerability
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine...
Chat Server Cross-Site Scripting Vulnerability
Chat Server is ramank775 individual developer's chat server based on microservices architecture, supporting high availability, high throughput, horizontal scaling. A cross-site scripting vulnerability exists in Chat Server version 3.1, which stems from a stored cross-site scripting XSS...
Chat Server Buffer Error Vulnerability
Chat Server is ramank775 individual developer's chat server based on microservices architecture that supports high availability, high throughput, and horizontal scaling. A buffer error vulnerability exists in Easy Chat Server version 3.1, which stems from the presence of a buffer overflow...
PT-2023-29320 · Unknown · Easy Chat Server
Name of the Vulnerable Software and Affected Versions: Easy Chat Server versions 3.1 and earlier Description: The issue arises from insufficient encryption of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This vulnerability is stored via the "POST" method at the...
PT-2023-29322 · Unknown · Easy Chat Server
Name of the Vulnerable Software and Affected Versions: Easy Chat Server versions 3.1 and earlier Description: The issue arises from insufficient encryption of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This vulnerability is stored via the "/body2.ghp" API endpoin...
PT-2023-29319 · Unknown · Easy Chat Server
Name of the Vulnerable Software and Affected Versions: Easy Chat Server version 3.1 Description: A stack-based buffer overflow issue exists due to an excessively long username string being sent to the "register.ghp" file via a GET request, potentially leading to arbitrary code execution on the...
Chat Server Cross-Site Scripting Vulnerability
Chat Server is ramank775 individual developer's chat server based on microservices architecture, supporting high availability, high throughput, horizontal scaling. A cross-site scripting vulnerability exists in Chat Server version 3.1, which stems from a stored cross-site scripting XSS...
Chat Server Cross-Site Scripting Vulnerability
Chat Server is ramank775 individual developer's chat server based on microservices architecture, supporting high availability, high throughput, horizontal scaling. A cross-site scripting vulnerability exists in Chat Server version 3.1, which stems from a stored cross-site scripting XSS...
PT-2023-29324 · Unknown · Easy Chat Server
Name of the Vulnerable Software and Affected Versions: Easy Chat Server versions 3.1 and earlier Description: The issue arises from insufficient encryption of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This vulnerability is stored via the "/registresult.htm" API...
chat.server-grenslandradio.nl Cross Site Scripting vulnerability OBB-3491229
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...