Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-6144

Malware in sbrugna...

6.1CVSS6.3AI score0.00686EPSS
Exploits1References2
NVD
NVD
added 2020/09/03 3:15 p.m.26 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

6.1CVSS5.3AI score0.00686EPSS
Exploits1References1
Prion
Prion
added 2020/09/03 3:15 p.m.24 views

Design/Logic Flaw

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

4.3CVSS5.3AI score0.00952EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/09/03 2:36 p.m.34 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

5.5AI score0.00686EPSS
Exploits1References1
NVD
NVD
added 2019/11/13 7:15 p.m.25 views

CVE-2019-16951

A remote file include RFI issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

5.3CVSS5.6AI score0.00952EPSS
Exploits1References1
CVE
CVE
added 2019/11/13 6:47 p.m.40 views

CVE-2019-16951

Enghouse Web Chat 6.2.284.34 is affected by a remote file include (RFI) vulnerability (CVE-2019-16951). The issue allows an attacker to substitute the localhost attribute with an attacker-controlled domain; after a POST, the product calls that domain and may return data that reveals sensitive inf...

5.3CVSS5.6AI score0.00952EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder