Lucene search

Egain Security Vulnerabilities

cve

CVE-2019-13975

eGain Chat 15.0.3 allows HTML Injection.

6.1CVSS

6.2AI Score

0.001EPSS

2019-09-04 04:15 PM

cve

CVE-2019-13976

eGain Chat 15.0.3 allows unrestricted file upload.

9.8CVSS

9.3AI Score

0.002EPSS

2019-09-04 04:15 PM

cve

CVE-2019-17123

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)

7.5CVSS

7.6AI Score

0.001EPSS

2019-12-13 06:15 PM

cve

CVE-2020-15948

eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.

6.1CVSS

5.9AI Score

0.001EPSS

2021-07-30 02:15 PM