CVE-2025-20129

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform CCP, formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

CVE-2025-20129

Cisco CCP (Customer Collaboration Platform) Information Disclosure vulnerability affects the web-based chat interface. An unauthenticated, remote attacker can exploit improper sanitization of HTTP requests to the chat interface, potentially persuading targeted users to disclose sensitive data and...

CVE-2014-6392

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

Cross site scripting

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

PT-2014-7206 · Facebook · Facebook App +1

Name of the Vulnerable Software and Affected Versions: Facebook app version 14.0 Facebook Messenger app version 10.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME...