
16 matches found

ATTACKERKB
added 2026/03/18 12:0 a.m., 1 views

CVE-2026-30048

A stored cross-site scripting (XSS) vulnerability exists in the NotChatbot WebChat widget through 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...

5.8 AI score, 0.00013 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-12134

Malicious code in bioql PyPI...

8.8 CVSS, 8.7 AI score, 0.00157 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/04/25 3:36 p.m., 3 views

CVE-2025-39542

Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through = 9.1.0...

8.8 CVSS, 7.2 AI score, 0.00352 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/04/24 8:23 a.m., 6 views

CVE-2025-3058 Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update

The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with...

8.8 CVSS, 7.2 AI score, 0.00157 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/04/24 8:23 a.m., 11 views

CVE-2025-3058 Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update

The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with...

8.8 CVSS, 0.00157 EPSS
Exploits: 0, References: 3

CVE
added 2025/04/24 8:23 a.m., 53 views

CVE-2025-3058

CVE-2025-3058 (Xelion Webchat, WordPress) affects the Xelion Webchat plugin for WordPress, up to and including version 9.1.0. The flaw is a missing capability check in the xwc_save_settings() function, enabling an authenticated attacker with Subscriber+ privileges to update arbitrary options. Doc...

8.8 CVSS, 8.8 AI score, 0.00157 EPSS
Exploits: 0, References: 3

NVD
added 2025/04/17 4:15 p.m., 7 views

CVE-2025-39542

Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through = 9.1.0...

8.8 CVSS, 0.00352 EPSS
Exploits: 0, References: 1

CVE
added 2025/04/17 3:46 p.m., 46 views

CVE-2025-39542

CVE-2025-39542: In Xelion Webchat (WordPress plugin Xelion Webchat), an Incorrect Privilege Assignment flaw allows Privilege Escalation for versions n/a through 9.1.0. The issue is categorized with CVSS 3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) for a base score of 8.8 (HIGH); exploitation would r...

8.8 CVSS, 7.2 AI score, 0.00352 EPSS
Exploits: 0, References: 1

seebug.org
added 2007/06/29 12:0 a.m., 22 views

WebChat 0.78 (login.php rid) Remote SQL Injection Vulnerability

No description provided by source. webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Author:...

7.1 AI score
Exploits: 0

securityvulns
added 2007/01/22 12:0 a.m., 54 views

webchat File Include Vulnerability

webchat Class: File Include Vulnerability Published 2007/1/21 Remote: Yes Critical Level : Dangerous Site: http://www.easy-script.com/compt.php?id=1705 || http://sourceforge.net/projects/webdev-webchat/ Author: TheViper-hacker Contact: [email protected] file ; frame.php...

1.1 AI score
Exploits: 0

seebug.org
added 2007/01/22 12:0 a.m., 18 views

WebChat 0.77 (defines.php WEBCHATPATH) Remote File Include Vuln

No description provided by source. webchat Class: File Include Vulnerability Published 2007/1/21 Remote: Yes Critical Level : Dangerous Site: http://www.easy-script.com/compt.php?id=1705 || http://sourceforge.net/projects/webdev-webchat/ Author: TheViper-hacker Contact: [email protected]...

7.1 AI score
Exploits: 0

exploitpack
added 2003/06/02 12:0 a.m., 15 views

WebChat 2.0 - 'users.php' Database Username Disclosure

WebChat 2.0 - 'users.php' Database Username Disclosure source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a...

7.4 AI score
Exploits: 0

exploitpack
added 2003/06/02 12:0 a.m., 12 views

WebChat 2.0 - users.php Cross-Site Scripting

WebChat 2.0 - users.php Cross-Site Scripting source: https://www.securityfocus.com/bid/7779/info WebChat has been reported prone to a cross-site scripting vulnerability. WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks...

6.8 AI score
Exploits: 0

Exploit DB
added 2003/06/02 12:0 a.m., 21 views

WebChat 2.0 - 'users.php' Database Username Disclosure

source: https://www.securityfocus.com/bid/7777/info WebChat has been reported prone to a database username disclosure weakness. The issue presents itself when a malicious request is made for the WebChat 'users.php' page. An attacker may pass a guessed username as a specific URI parameter to the...

7.4 AI score
Exploits: 0

Exploit DB
added 2003/06/02 12:0 a.m., 22 views

WebChat 2.0 - 'users.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7779/info WebChat has been reported prone to a cross-site scripting vulnerability. WebChat does not adequately filter script code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a...

7 AI score
Exploits: 0

Tenable Nessus
added 2003/03/25 12:0 a.m., 32 views

WebChat XSS

The remote host is vulnerable to a cross-site scripting attack through its web chat module : - An attacker may create a new user with a bogus email address containing JavaScript code - Then the profile of the newly created user or the 'lost password' page for this user will display the unprocesse...

5.2 AI score
Exploits: 0, References: 1