79 matches found
Malicious code in web-chat-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1410c02449b7f9317f68317b69ec23e5601c189018c375ccdcb1d453def943 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10886 Malicious code in web-chat-portal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e1410c02449b7f9317f68317b69ec23e5601c189018c375ccdcb1d453def943 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-10433
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched...
Malicious code in virtuoso-web-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1601 Malicious code in virtuoso-web-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cst-web-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1382 Malicious code in cst-web-chat (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f29459986483506a5bda069545676e4bfc990a37afd3dc286ba0e882cc4c8442 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-45696
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
CVE-2023-45696
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
Design/Logic Flaw
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
CVE-2023-45696 HCL Sametime is impacted by an autocomplete enabled vulnerability
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser...
CVE-2023-45696
CVE-2023-45696 affects HCL Sametime, specifically issues in the Legacy web chat client where autocomplete is enabled for sensitive input fields. The underlying consequence is that user-entered data can be stored by the browser by default. Current documents provide the vulnerability description an...
PT-2024-2332 · Hcl · Hcl Sametime Chat/Meetings
Name of the Vulnerable Software and Affected Versions: HCL Sametime Chat and Meetings affected versions not specified Description: The issue is related to the lack of protection for sensitive data in the HCL Sametime Chat and Meetings software. It is mentioned that sensitive fields have...
Design/Logic Flaw
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
Design/Logic Flaw
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
CVE-2020-13972
CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...
CVE-2020-13972
Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951...
Enghouse Systems Web Chat Input Validation Error Vulnerability
Enghouse Systems Web Chat is a web-based online chat application from Enghouse Systems Canada. An input validation error vulnerability exists in Enghouse Systems Web Chat versions 6.1.300.31 and 6.2.284.34. The vulnerability stems from the web system or product not properly validating input data...