Lucene search
K

79 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/22 1:18 a.m.5 views

Malicious code in web-chat-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1410c02449b7f9317f68317b69ec23e5601c189018c375ccdcb1d453def943 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/11/22 1:18 a.m.4 views

MAL-2024-10886 Malicious code in web-chat-portal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1410c02449b7f9317f68317b69ec23e5601c189018c375ccdcb1d453def943 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/28 12:15 a.m.5 views

CVE-2024-10433

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched...

6.1CVSS3.8AI score0.00393EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/12 4:14 a.m.4 views

Malicious code in virtuoso-web-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2024/06/12 4:14 a.m.8 views

MAL-2024-1601 Malicious code in virtuoso-web-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/05/24 7:45 p.m.6 views

Malicious code in cst-web-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/05/24 7:45 p.m.10 views

MAL-2024-1382 Malicious code in cst-web-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
NVD
NVD
added 2024/02/10 3:15 a.m.18 views

CVE-2023-45696

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...

7.5CVSS4.1AI score0.00443EPSS
Exploits0References1
OSV
OSV
added 2024/02/10 3:15 a.m.4 views

CVE-2023-45696

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...

7.5CVSS5.8AI score0.00443EPSS
Exploits0References1
Prion
Prion
added 2024/02/10 3:15 a.m.18 views

Design/Logic Flaw

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...

1.2CVSS6.9AI score0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/10 3:10 a.m.26 views

CVE-2023-45696 HCL Sametime is impacted by an autocomplete enabled vulnerability

Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...

4CVSS4.5AI score0.00443EPSS
Exploits0References1
CVE
CVE
added 2024/02/10 3:10 a.m.42 views

CVE-2023-45696

CVE-2023-45696 affects HCL Sametime, specifically issues in the Legacy web chat client where autocomplete is enabled for sensitive input fields. The underlying consequence is that user-entered data can be stored by the browser by default. Current documents provide the vulnerability description an...

7.5CVSS4.3AI score0.00443EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.4 views

PT-2024-2332 · Hcl · Hcl Sametime Chat/Meetings

Name of the Vulnerable Software and Affected Versions: HCL Sametime Chat and Meetings affected versions not specified Description: The issue is related to the lack of protection for sensitive data in the HCL Sametime Chat and Meetings software. It is mentioned that sensitive fields have...

7.5CVSS6.5AI score0.00443EPSS
Exploits0References8
Prion
Prion
added 2022/01/04 9:15 p.m.11 views

Design/Logic Flaw

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

3.5CVSS5.3AI score0.00831EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/09/03 3:15 p.m.26 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

6.1CVSS5.3AI score0.00686EPSS
Exploits1References1
OSV
OSV
added 2020/09/03 3:15 p.m.5 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

6.1CVSS6.2AI score0.00686EPSS
Exploits1References1
Prion
Prion
added 2020/09/03 3:15 p.m.24 views

Design/Logic Flaw

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

4.3CVSS5.3AI score0.00952EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2020/09/03 2:36 p.m.52 views

CVE-2020-13972

CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...

6.1CVSS5.3AI score0.00686EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/03 2:36 p.m.34 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...

5.5AI score0.00686EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/17 12:0 a.m.4 views

Enghouse Systems Web Chat Input Validation Error Vulnerability

Enghouse Systems Web Chat is a web-based online chat application from Enghouse Systems Canada. An input validation error vulnerability exists in Enghouse Systems Web Chat versions 6.1.300.31 and 6.2.284.34. The vulnerability stems from the web system or product not properly validating input data...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References1
Rows per page
Query Builder