8 matches found
EUVD-2023-34749
Malicious code in bioql PyPI...
CVE-2023-30321
Cross Site Scripting XSS vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code...
CVE-2023-30320
Cross Site Scripting XSS vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code...
PT-2023-22635 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the username field of the /WebContent/WEB-INF/lib/chatbox.jsp file, allowing attackers to execute arbitrary code. This issue is related...
PT-2023-22631 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the textMessage field in /src/chatbotapp/LoginServlet.java of wliang6 ChatEngine, allowing attackers to execute arbitrary code. This...
PT-2023-22630 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the textMessage field in /src/chatbotapp/chatWindow.java, allowing attackers to execute arbitrary code. This is due to a vulnerability ...
CVE-2023-30326
CVE-2023-30326 : XSS vulnerability in wliang6 ChatEngine, in the file /WebContent/WEB-INF/lib/chatbox.jsp (username field). The root cause is improper input handling in chatbox.jsp, enabling injection of scripts. Affected product: wliang6 ChatEngine (version 1.0 per CNNVD/CVE context). Impact per...
CVE-2023-30325
CVE-2023-30325 describes a SQL injection vulnerability in the Java-based ChatEngine v1.0, specifically via the textMessage parameter in /src/chatbotapp/chatWindow.java. The weakness allows an attacker to potentially exfiltrate sensitive data. Public sources consistently identify the affected comp...