17 matches found
CVE-2013-4106
CVE-2013-4106 documents a cross-site scripting (XSS) vulnerability in Cryptocat’s Conversation Overview Nickname feature, affecting versions prior to 2.0.22. The provided sources consistently describe an XSS issue without detailing the root cause, specific exploit vectors, or affected platforms b...
CVE-2013-4108
Technical details about CVE-2013-4108 are not publicly available in the provided documents; no affected products, vectors, or fixes are specified. Monitor for updates from official advisories.
CVE-2013-4109
CVE-2013-4109 describes an unspecified cross-site scripting (XSS) vulnerability in Cryptocat Message Handling 1.1.165. The connected records confirm the affected product/version but do not provide a concrete root cause, exploit details, affected components beyond the Message Handling component, o...
CVE-2013-2258
CVE-2013-2258 affects Cryptocat before 2.0.22, described consistently across multiple connected records as allowing Nickname User Impersonation . The available documents identify the affected product and the basic vulnerability class but do not provide detailed root cause, affected components, ex...
CVE-2013-4101
Cryptocat (versions before 2.0.22) is affected by CVE-2013-4101 due to a Link Markup Decorator HTML Handling Weakness. The vulnerability enables the generation of invalid HTML code within the application’s markup processing. Red Hat and CNVD entries corroborate the same affected version range and...
CVE-2013-4107
CVE-2013-4107 concerns Cryptocat prior to 2.0.22, where the vulnerability lies in cryptocat.js: the function handlePresence() enables a cross-site scripting (XSS) condition. The impact is client-side code execution under attacker-controlled input, reported consistently across multiple sources. Th...
CVE-2013-4104
Cryptocat prior to version 2.0.22 has weak encryption in the Socialist Millionnaire Protocol, leading to potential information disclosure. The vulnerability impacts Cryptocat’s crypto protocol and is fixed in 2.0.22 per multiple sources (e.g., CNVD, RH, NVD). In the cited reports, exploitation le...
CVE-2013-4102
CVE-2013-4102 affects Cryptocat prior to 2.0.22 due to a weakness in strophe.js Math.random() RNG. Public sources in the provided documents describe it as a randomness weakness that can impact confidentiality and integrity (per NVD CVSSv2 6.4, CVSSv3.1 9.1). Connected records repeatedly reference...
CVE-2013-4103
Cryptocat prior to 2.0.22 is vulnerable to Remote Script Injection caused by improper sanitization of user input. Affected software: Cryptocat (versions before 2.0.22). Impact per sources: potential arbitrary script execution in the context of the application. Remediation: upgrade to Cryptocat 2....
CVE-2013-4110
Cryptocat is affected by an information-disclosure vulnerability (CVE-2013-4110) that allows an attacker to obtain the list of chat participants. Public sources in the connected documents describe an unspecified chat participant user-list disclosure within Cryptocat’s implementation. No explicit ...
CVE-2013-2257
CVE-2013-2257 affects Cryptocat prior to version 2.0.42. The issue is described as a Group Chat ECC Private Key Generation Brute Force Weakness, indicating weakness in how ECC private keys for group chats are generated. The public descriptions in connected records consistently reference Cryptocat
CVE-2013-2260
CVE-2013-2260 concerns Cryptocat before 2.0.22, with an entropy weakness in the Cryptocat.random() Function Array Key. The connected documents consistently describe this entropy weakness; explicit exploitation details or mitigations are not provided in the sources.
CVE-2013-4100
Cryptocat is affected by a remote denial-of-service vulnerability in versions before 2.0.22, exploitable via the username parameter. Impact per sources is a denial of service without requiring user interaction. The issue is fixed by upgrading to 2.0.22 or later. Affected product: Cryptocat (open-...
CVE-2013-2259
CVE-2013-2259 affects Cryptocat prior to 2.0.22. The connected records confirm an Arbitrary Code Execution vulnerability in the Cryptocat Firefox Conversation Overview context, with the same pre-2.0.22 version exposure cited across multiple sources (CNVD, Red Hat, NVD, CVE lists). The exact root ...
CVE-2013-2261
CVE-2013-2261 concerns Cryptocat Chrome Extension prior to 2.0.22, where an information disclosure vulnerability is reported via the extension asset “img/keygen.gif.” The public records consistently state a disclosure flaw affecting Cryptocat before 2.0.22, with multiple sources (NVD entry and na...
CVE-2013-4105
Cryptocat before version 2.0.22 is affected by an information disclosure vulnerability in the Multiparty Encryption Scheme. The issue, described across multiple sources, stems from errors during operation/configuration of the networked Cryptocat setup, allowing disclosure of sensitive information...
CVE-2013-2262
The CVE-2013-2262 issue affects Cryptocat’s strophe.js prior to version 2.0.22, where an information-disclosure vulnerability exists. Public sources in connected documents confirm the affected component (strophe.js in Cryptocat) and the security impact as information disclosure; no further techni...