3 matches found
CVE-2023-4497
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Icon parameter. The XSS is loaded from /users.ghp...
CVE-2023-4497
CVE-2023-4497 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored XSS in the Icon parameter, reachable via POST to /registresult.htm and loading data from /users.ghp. Descriptions in multiple sources confirm the issue; CVSS v3.1 base score 6.1 (MEDIUM) with network a...
CVE-2023-4497 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Icon parameter. The XSS is loaded from /users.ghp...