5 matches found
CVE-2023-4497
CVE-2023-4497 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored XSS in the Icon parameter, reachable via POST to /registresult.htm and loading data from /users.ghp. Descriptions in multiple sources confirm the issue; CVSS v3.1 base score 6.1 (MEDIUM) with network a...
CVE-2023-4495
The CVE-2023-4495 entry documents an XSS vulnerability in Easy Chat Server (version 3.1 and earlier). The issue arises from insufficient sanitization of user-controlled input stored via the POST endpoint /registresult.htm in the Resume parameter, with the XSS payload being loaded from /register.g...
CVE-2023-4496
CVE-2023-4496 affects Easy Chat Server (version 3.1 and earlier). The vulnerability is a stored Cross-Site Scripting (XSS) in the mtowho parameter of the POST endpoint /body2.ghp, caused by insufficient input encryption. Impact details are limited to XSS risk; no exploit details or active exploit...
CVE-2023-4494
CVE-2023-4494 concerns Easy Chat Server 3.1. It is described as a stack-based buffer overflow in the handling of a username when accessed via the register.ghp file through a GET request, potentially enabling arbitrary code execution on the remote host. The vulnerability is rated with a high/criti...
CVE-2024-0695
CVE-2024-0695 affects EFS Easy Chat Server 3.1. The vulnerability resides in the HTTP GET Request Handler, where manipulating the USERNAME argument causes a remote denial of service. Exploitation is possible remotely and the exploit has been disclosed publicly. Connected sources consistently desc...