40 matches found
EUVD-2019-4538
Malware in sbrugna...
EUVD-2018-13276
Malware in sbrugna...
CVE-2025-9651
CVE-2025-9651 affects shafhasan chatbox; the vulnerable component is the /chat.php file where manipulating the user_id parameter triggers a SQL injection. The vulnerability is exploitable remotely (attack vector NETWORK) with low privileges required and no user interaction. Documented impact incl...
Chatbox security vulnerability
Chatbox is a chat software by the individual developer Shafqat Hasan. Chatbox has a security vulnerability that stems from SQL injection due to incorrect manipulation of the parameter userid in the file /chat.php...
CVE-2024-10809
A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-2284 boyiddha Automated-Mess-Management-System Chat Book chat.php cross site scripting
A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack...
CVE-2023-4447
A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2023-4447 OpenRapid RapidCMS article-chat.php sql injection
A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to th...
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
Input validation
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...
CVE-2013-0739
Summary: CVE-2013-0739 affects Chamilo 1.9.4 and involves an XSS vulnerability in the chat.php script caused by improper validation of user-supplied input. Affected component: Chamilo 1.9.4, specifically the chat.php feature. Root cause: Improper validation of input in the chat functionality enab...
CVE-2013-0739
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...
Sql injection
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request...
CVE-2019-1010104
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request...
CVE-2019-12963
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...
CVE-2019-12963
LiveZilla Server is affected by CVE-2019-12963: prior to 8.0.1.1, the chat.php Create Ticket action is vulnerable to cross-site scripting (XSS). This is confirmed by multiple sources (NVD/Red Hat/CNVD/OpenVAS references) and is characterized by XSS in the Create Ticket/Work Order path. Exploitati...
CVE-2019-12963
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...
Cross site scripting
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php...
CVE-2018-20731
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php...
CVE-2018-20731
CVE-2018-20731 is a stored XSS vulnerability in NeDi prior to 1.7Cp3, exploitable via User-Chat.php. Public records in NVD/NVD-derived feeds describe that remote attackers can inject arbitrary web script or HTML. The connected feeds confirm NeDi versions affected up to at least 1.7Cp3 and referen...