7 matches found
CVE-2024-13033
CVE-2024-13033 affects code-projects Chat System 1.0. The vulnerability lies in the file /admin/chatroom.php where manipulating the id argument triggers a cross-site scripting (XSS) flaw. The issue can be exploited remotely and, according to public disclosures, the exploit has been released. Mult...
CVE-2024-13034
The CVE-2024-13034 entry describes a cross-site scripting vulnerability in code-projects Chat System 1.0, affecting an unknown portion of /admin/update_user.php. The issue arises from improper handling of the name argument; it can be exploited remotely, and an exploit has been publicly disclosed. Conn...
CVE-2024-13020
CVE-2024-13020 affects code-projects Chat System 1.0. The vulnerability is an SQL injection in the /admin/chatroom.php file triggered by manipulating the id parameter, with remote access possible and a public exploit. Root cause: insufficient input validation/filtering on id. Impact: potential da...
CVE-2025-0172
The CVE-2025-0172 issue affects code-projects Chat System 1.0, specifically the /admin/deleteroom.php file. The vulnerability arises from improper validation of the id parameter, enabling SQL injection. Impact is described as remote exploitation with potential data exposure; multiple sources corr...
CVE-2024-13035
CVE-2024-13035 affects code-projects Chat System 1.0. The vulnerability is a SQL injection in the /admin/update_user.php script caused by unsafely handling the id parameter (lack of input validation). Exploitation is possible remotely, and the exploit has been disclosed publicly per multiple sour...
CVE-2024-13019
CVE-2024-13019 affects code-projects Chat System 1.0. The vulnerability arises in the /admin/update_room.php component, where the input parameter named name is not properly validated/escaped, enabling cross-site scripting. Exploitation is described as remote. Several sources corroborate the issue...
CVE-2025-0171
CVE-2025-0171 affects code-projects Chat System 1.0. A SQL injection exists in an unknown function of /admin/deleteuser.php, exploitable remotely via the id parameter. Multiple sources classify the issue as critical with public disclosures. There is no provided official fixed version in the docu...