5 matches found
EUVD-2023-34749
Malicious code in bioql PyPI...
PT-2023-22630 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the textMessage field in /src/chatbotapp/chatWindow.java, allowing attackers to execute arbitrary code. This is due to a vulnerability ...
PT-2023-22631 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the textMessage field in /src/chatbotapp/LoginServlet.java of wliang6 ChatEngine, allowing attackers to execute arbitrary code. This...
PT-2023-22635 · Unknown · Wliang6 Chatengine
Name of the Vulnerable Software and Affected Versions: wliang6 ChatEngine affected versions not specified Description: A Cross Site Scripting XSS issue exists in the username field of the /WebContent/WEB-INF/lib/chatbox.jsp file, allowing attackers to execute arbitrary code. This issue is related...
CVE-2023-30325
CVE-2023-30325 describes a SQL injection vulnerability in the Java-based ChatEngine v1.0, specifically via the textMessage parameter in /src/chatbotapp/chatWindow.java. The weakness allows an attacker to potentially exfiltrate sensitive data. Public sources consistently identify the affected comp...