CVE-2019-16949

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat where the user enters in their name and e-mail address. This POST request can be modified to change the message...

CVE-2019-16950

An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript...

CVE-2019-16951

A remote file include RFI issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

EUVD-2019-7429

Malware in sbrugna...

EUVD-2013-6640

Malware in sbrugna...

EUVD-2018-20548

Malware in sbrugna...

EUVD-2019-7431

Malware in sbrugna...

EUVD-2019-7430

Malware in sbrugna...

EUVD-2019-7428

Malware in sbrugna...

EUVD-2020-6144

Malware in sbrugna...

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

CVE-2019-16948

An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network as opposed to what general web traffic would see...

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

Design/Logic Flaw

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

CVE-2020-13972

CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...

Enghouse Systems Web Chat Input Validation Error Vulnerability

Enghouse Systems Web Chat is a web-based online chat application from Enghouse Systems Canada. An input validation error vulnerability exists in Enghouse Systems Web Chat versions 6.1.300.31 and 6.2.284.34. The vulnerability stems from the web system or product not properly validating input data...

Enghouse Systems Web Chat Information Disclosure Vulnerability

Enghouse Systems Web Chat is a web-based online chat application from Enghouse Systems Canada. An information disclosure vulnerability exists in Enghouse Systems Web Chat version 6.2.284.34. The vulnerability stems from an error in configuration or other errors in the operation of a networked...

Enghouse Systems Web Chat Cross-Site Scripting Vulnerability

Enghouse Systems Web Chat is a web-based online chat application from Enghouse Systems Canada. A cross-site scripting vulnerability exists in Enghouse Systems Web Chat versions 6.1.300.31 and 6.2.284.34. The vulnerability stems from the WEB application's lack of proper validation of client data. ...