Lucene search
+L
Easy Chat Server ProjectEasy Chat Server

5 matches found

CVE
CVE
added 2023/10/04 12:32 p.m.50 views

CVE-2023-4497

CVE-2023-4497 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored XSS in the Icon parameter, reachable via POST to /registresult.htm and loading data from /users.ghp. Descriptions in multiple sources confirm the issue; CVSS v3.1 base score 6.1 (MEDIUM) with network a...

6.1CVSS5.9AI score0.0037EPSS
CVE
CVE
added 2023/10/04 12:29 p.m.47 views

CVE-2023-4495

The CVE-2023-4495 entry documents an XSS vulnerability in Easy Chat Server (version 3.1 and earlier). The issue arises from insufficient sanitization of user-controlled input stored via the POST endpoint /registresult.htm in the Resume parameter, with the XSS payload being loaded from /register.g...

6.1CVSS5.9AI score0.0037EPSS
CVE
CVE
added 2023/10/04 12:32 p.m.45 views

CVE-2023-4496

CVE-2023-4496 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored Cross-Site Scripting (XSS) in the mtowho parameter of the POST endpoint /body2.ghp, caused by insufficient input encryption. Impact details are limited to XSS risk; no exploit details or active exploit...

6.1CVSS6AI score0.0037EPSS
CVE
CVE
added 2023/10/04 12:27 p.m.44 views

CVE-2023-4494

CVE-2023-4494 concerns Easy Chat Server 3.1. It is described as a stack-based buffer overflow in the handling of a username when accessed via the register.ghp file through a GET request, potentially enabling arbitrary code execution on the remote host. The vulnerability is rated with a high/criti...

9.8CVSS9.8AI score0.009EPSS
CVE
CVE
added 2024/01/18 10:31 p.m.36 views

CVE-2024-0695

CVE-2024-0695 affects EFS Easy Chat Server 3.1. The vulnerability resides in the HTTP GET Request Handler, where manipulating the USERNAME argument causes a remote denial of service. Exploitation is possible remotely and the exploit has been disclosed publicly. Connected sources consistently desc...

5.3CVSS5.3AI score0.00969EPSS