
8 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10463/info CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can all...

AI score 7.1
Exploits: 0
CVE
added 2008/08/27 11:0 p.m. | 36 views

CVE-2008-3845

Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...

CVSS 7.5 | AI score 8.5 | EPSS 0.01716
Exploits: 1 | References: 9 | Affected Software: 1
Prion
added 2008/08/27 8:41 p.m. | 7 views

Information disclosure

Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

CVSS 5 | AI score 6.7 | EPSS 0.00422
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2008/08/27 8:0 p.m. | 43 views

CVE-2008-3840

The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...

CVSS 5 | AI score 6.3 | EPSS 0.00422
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2008/08/07 8:0 p.m. | 34 views

CVE-2008-3510

Crafty Syntax Live Help (CSLH) 2.14.6 has an XSS vulnerability in livehelp_js.php via the department parameter. The CVE-2008-3510 entry indicates remote, unauthenticated injection of script/HTML, with CVSSv2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). No remediation details are provided in the c...

CVSS 4.3 | AI score 5.7 | EPSS 0.0029
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2008/03/06 12:0 a.m. | 35 views

CVE-2008-1183

CVE-2008-1183 documents multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) prior to 2.14.6. The affected components are the web endpoints (livehelp.php, user_questions.php, leavemessage.php) where unspecified parameters can be exploited to inject script/HTML. Th...

CVSS 4.3 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2008/02/21 12:0 a.m. | 39 views

CVE-2008-0848

Crafty Syntax Live Help (CSLH) is affected by CVE-2008-0848 due to an XSS vulnerability in lostsheep.php present in versions before 2.14.16. The entry states remote attackers can inject arbitrary script or HTML via unspecified vectors. The notes mention possible inaccuracies in the researcher’s v...

CVSS 4.3 | AI score 5.7 | EPSS 0.00508
Exploits: 0 | References: 7 | Affected Software: 1
CVE
added 2005/08/16 4:0 a.m. | 40 views

CVE-2004-2355

Crafty Syntax Live Help (CSLH) prior to 2.7.4 is affected by a Cross-site scripting (XSS) vulnerability. The issue, described in CVE-2004-2355, allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. Supported by NVD entry, the description ...

CVSS 4.3 | AI score 5.9 | EPSS 0.01236
Exploits: 1 | References: 6 | Affected Software: 1