Cryptocat Project Security Vulnerabilities

CVE-2013-2257

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

CVE-2013-2258

Cryptocat before 2.0.22 has Nickname User Impersonation

CVE-2013-2259

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview

CVE-2013-2260

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CVE-2013-2261

Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure

CVE-2013-2262

Cryptocat strophe.js before 2.0.22 has information disclosure

CVE-2013-4100

Cryptocat before 2.0.22 has Remote Denial of Service via username

CVE-2013-4101

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CVE-2013-4102

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

CVE-2013-4103

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

CVE-2013-4104

Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol

CVE-2013-4105

Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure

CVE-2013-4106

A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.

CVE-2013-4107

Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting

CVE-2013-4108

Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

CVE-2013-4109

An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.

CVE-2013-4110

Cryptocat has an Unspecified Chat Participant User List Disclosure