EUVD-2021-11534

Malware in sbrugna...

Chain Sea Ai Chatbot System Path Traversal Vulnerability

Chain Sea Ai Chatbot System is an intelligent customer service software from Chain Sea, a Chinese company. An attacker could download arbitrary system files without authentication...

Chain Sea Ai Chatbot System 代码问题漏洞

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, a Chinese company. or execute arbitrary code to take control of the system or terminate the service...

Cross site scripting

The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24622

The vulnerability CVE-2021-24622 affects the WordPress WP Ticket plugin prior to 5.10.4. The issue is that the plugin does not sanitize or escape form fields before outputting them in the List, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. I...

EMC ESRS VE Information Disclosure Vulnerability

EMC ESRS VE is a set of EMC customer service and end-user EMC products and solutions to provide two-way remote connection between the remote service software. A security vulnerability exists in EMC ESRS VE version 3.18 and earlier. An attacker could exploit the vulnerability to compromise an...

Viber's Apple App Store account hacked; Description changed by hackers

Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, "The Israeli-based - Viber is spying and tracking you." Today we found that Viber's Apple App Store description has been defaced as well. Th...