Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
6AI Score
0.002EPSS
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
6.7AI Score
0.193EPSS
chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).
6.6AI Score
0.023EPSS
Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the detail...
6.7AI Score
0.005EPSS
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.
9.8CVSS
9.7AI Score
0.002EPSS
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.
6.1CVSS
5.8AI Score
0.001EPSS
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.
6.1CVSS
5.9AI Score
0.001EPSS
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.
6.1CVSS
5.8AI Score
0.001EPSS