Chatengine Security Vulnerabilities and Issues — Chatengine CVE List

Chatengine ProjectChatengine

7 matches found

CVE•added 2023/07/06 12:0 a.m.•35 views

CVE-2023-30319

ChatEngine (Java web app) is affected by a cross-site scripting (XSS) vulnerability in the username field of /src/chatbotapp/LoginServlet.java, observed in commit fded8e710ad59f816867ad47d7fc4862f6502f3e. The issue allows arbitrary code execution as described in multiple sources referencing CVE-2...

9.6CVSS8.4AI score0.00255EPSS

CVE•added 2023/07/06 12:0 a.m.•35 views

CVE-2023-30322

The CVE-2023-30322 vulnerability, documented for Payatu ChatEngine v1.0, is a Cross-Site Scripting (XSS) issue in the username field of /src/chatbotapp/chatWindow.java that can allow an attacker to execute arbitrary code. Affected component/file: ChatEngine 1.0, + root cause described as input ha...

5.4CVSS5.5AI score0.00217EPSS

CVE•added 2023/07/06 12:0 a.m.•34 views

CVE-2023-30320

CVE-2023-30320 describes a Cross Site Scripting (XSS) in the wliang6 ChatEngine. Affected component: textMessage field in /src/chatbotapp/chatWindow.java (commit fded8e710ad59f816867ad47d7fc4862f6502f3e). The vulnerability allows attackers to execute arbitrary code. CVSSv3.1 score is 9.0 (CRITICA...

9CVSS8.3AI score0.00255EPSS

CVE•added 2023/07/06 12:0 a.m.•28 views

CVE-2023-30323

Payatu ChatEngine v1.0 is affected by CVE-2023-30323 due to a SQL injection in the username field of /src/chatbotapp/chatWindow.java, enabling exposure of sensitive information. The root cause is a SQL injection vulnerability in the username input path; no detailed exploit specifics are provided ...

7.5CVSS8AI score0.00108EPSS

CVE•added 2023/07/06 12:0 a.m.•26 views

CVE-2023-30326

CVE-2023-30326 : XSS vulnerability in wliang6 ChatEngine, in the file /WebContent/WEB-INF/lib/chatbox.jsp (username field). The root cause is improper input handling in chatbox.jsp, enabling injection of scripts. Affected product: wliang6 ChatEngine (version 1.0 per CNNVD/CVE context). Impact per...

6.1CVSS6.1AI score0.00233EPSS

Web

CVE•added 2023/07/06 12:0 a.m.•24 views

CVE-2023-30325

CVE-2023-30325 describes a SQL injection vulnerability in the Java-based ChatEngine v1.0, specifically via the textMessage parameter in /src/chatbotapp/chatWindow.java. The weakness allows an attacker to potentially exfiltrate sensitive data. Public sources consistently identify the affected comp...

7.5CVSS8AI score0.00108EPSS

Web

CVE•added 2023/07/06 12:0 a.m.•22 views

CVE-2023-30321

The CVE-2023-30321 entry concerns a Cross-Site Scripting (XSS) vulnerability in the wliang6 ChatEngine, specifically in the textMessage field of /src/chatbotapp/LoginServlet.java (commit fded8e710ad59f816867ad47d7fc4862f6502f3e). The underlying issue is insufficient input sanitization in the Logi...

9CVSS8.3AI score0.00195EPSS

Web