Lucene search
K
Cryptocat ProjectCryptocat

17 matches found

CVE
CVE
added 2019/11/14 7:56 p.m.54 views

CVE-2013-4106

CVE-2013-4106 documents a cross-site scripting (XSS) vulnerability in Cryptocat’s Conversation Overview Nickname feature, affecting versions prior to 2.0.22. The provided sources consistently describe an XSS issue without detailing the root cause, specific exploit vectors, or affected platforms b...

6.1CVSS6AI score0.01473EPSS
CVE
CVE
added 2019/11/14 7:14 p.m.52 views

CVE-2013-4108

Technical details about CVE-2013-4108 are not publicly available in the provided documents; no affected products, vectors, or fixes are specified. Monitor for updates from official advisories.

9.8CVSS9.4AI score0.01543EPSS
CVE
CVE
added 2019/11/14 7:0 p.m.49 views

CVE-2013-4109

CVE-2013-4109 describes an unspecified cross-site scripting (XSS) vulnerability in Cryptocat Message Handling 1.1.165. The connected records confirm the affected product/version but do not provide a concrete root cause, exploit details, affected components beyond the Message Handling component, o...

6.1CVSS6AI score0.01708EPSS
CVE
CVE
added 2019/11/04 4:35 p.m.48 views

CVE-2013-2258

CVE-2013-2258 affects Cryptocat before 2.0.22, described consistently across multiple connected records as allowing Nickname User Impersonation . The available documents identify the affected product and the basic vulnerability class but do not provide detailed root cause, affected components, ex...

5.3CVSS5.3AI score0.0136EPSS
CVE
CVE
added 2019/11/04 2:52 p.m.48 views

CVE-2013-4101

Cryptocat (versions before 2.0.22) is affected by CVE-2013-4101 due to a Link Markup Decorator HTML Handling Weakness. The vulnerability enables the generation of invalid HTML code within the application’s markup processing. Red Hat and CNVD entries corroborate the same affected version range and...

5.3CVSS5.3AI score0.0136EPSS
CVE
CVE
added 2019/11/05 12:47 p.m.45 views

CVE-2013-4107

CVE-2013-4107 concerns Cryptocat prior to 2.0.22, where the vulnerability lies in cryptocat.js: the function handlePresence() enables a cross-site scripting (XSS) condition. The impact is client-side code execution under attacker-controlled input, reported consistently across multiple sources. Th...

6.1CVSS6.1AI score0.0111EPSS
CVE
CVE
added 2019/11/04 3:40 p.m.44 views

CVE-2013-4104

Cryptocat prior to version 2.0.22 has weak encryption in the Socialist Millionnaire Protocol, leading to potential information disclosure. The vulnerability impacts Cryptocat’s crypto protocol and is fixed in 2.0.22 per multiple sources (e.g., CNVD, RH, NVD). In the cited reports, exploitation le...

7.5CVSS7.5AI score0.00761EPSS
CVE
CVE
added 2019/11/04 2:45 p.m.42 views

CVE-2013-4102

CVE-2013-4102 affects Cryptocat prior to 2.0.22 due to a weakness in strophe.js Math.random() RNG. Public sources in the provided documents describe it as a randomness weakness that can impact confidentiality and integrity (per NVD CVSSv2 6.4, CVSSv3.1 9.1). Connected records repeatedly reference...

9.1CVSS9.1AI score0.0197EPSS
CVE
CVE
added 2019/11/04 2:41 p.m.42 views

CVE-2013-4103

Cryptocat prior to 2.0.22 is vulnerable to Remote Script Injection caused by improper sanitization of user input. Affected software: Cryptocat (versions before 2.0.22). Impact per sources: potential arbitrary script execution in the context of the application. Remediation: upgrade to Cryptocat 2....

9.8CVSS9.5AI score0.0687EPSS
CVE
CVE
added 2019/11/05 12:51 p.m.42 views

CVE-2013-4110

Cryptocat is affected by an information-disclosure vulnerability (CVE-2013-4110) that allows an attacker to obtain the list of chat participants. Public sources in the connected documents describe an unspecified chat participant user-list disclosure within Cryptocat’s implementation. No explicit ...

5.3CVSS5.3AI score0.01997EPSS
CVE
CVE
added 2019/11/04 4:41 p.m.41 views

CVE-2013-2257

CVE-2013-2257 affects Cryptocat prior to version 2.0.42. The issue is described as a Group Chat ECC Private Key Generation Brute Force Weakness, indicating weakness in how ECC private keys for group chats are generated. The public descriptions in connected records consistently reference Cryptocat

7.5CVSS7.5AI score0.01737EPSS
CVE
CVE
added 2019/11/04 4:15 p.m.41 views

CVE-2013-2260

CVE-2013-2260 concerns Cryptocat before 2.0.22, with an entropy weakness in the Cryptocat.random() Function Array Key. The connected documents consistently describe this entropy weakness; explicit exploitation details or mitigations are not provided in the sources.

9.8CVSS9.4AI score0.02162EPSS
CVE
CVE
added 2019/11/04 2:55 p.m.40 views

CVE-2013-4100

Cryptocat is affected by a remote denial-of-service vulnerability in versions before 2.0.22, exploitable via the username parameter. Impact per sources is a denial of service without requiring user interaction. The issue is fixed by upgrading to 2.0.22 or later. Affected product: Cryptocat (open-...

7.5CVSS7.6AI score0.02357EPSS
CVE
CVE
added 2019/11/04 4:32 p.m.39 views

CVE-2013-2259

CVE-2013-2259 affects Cryptocat prior to 2.0.22. The connected records confirm an Arbitrary Code Execution vulnerability in the Cryptocat Firefox Conversation Overview context, with the same pre-2.0.22 version exposure cited across multiple sources (CNVD, Red Hat, NVD, CVE lists). The exact root ...

9.8CVSS9.4AI score0.03669EPSS
CVE
CVE
added 2019/11/04 3:43 p.m.37 views

CVE-2013-2261

CVE-2013-2261 concerns Cryptocat Chrome Extension prior to 2.0.22, where an information disclosure vulnerability is reported via the extension asset “img/keygen.gif.” The public records consistently state a disclosure flaw affecting Cryptocat before 2.0.22, with multiple sources (NVD entry and na...

7.5CVSS7.3AI score0.11065EPSS
CVE
CVE
added 2019/11/04 4:27 p.m.37 views

CVE-2013-4105

Cryptocat before version 2.0.22 is affected by an information disclosure vulnerability in the Multiparty Encryption Scheme. The issue, described across multiple sources, stems from errors during operation/configuration of the networked Cryptocat setup, allowing disclosure of sensitive information...

7.5CVSS7.3AI score0.01126EPSS
CVE
CVE
added 2019/11/04 3:50 p.m.35 views

CVE-2013-2262

The CVE-2013-2262 issue affects Cryptocat’s strophe.js prior to version 2.0.22, where an information-disclosure vulnerability exists. Public sources in connected documents confirm the affected component (strophe.js in Cryptocat) and the security impact as information disclosure; no further techni...

7.5CVSS7.2AI score0.01926EPSS