Lucene search
+L
EnghouseWeb Chat

5 matches found

CVE
CVE
added 2020/09/03 2:36 p.m.53 views

CVE-2020-13972

CVE-2020-13972 in Enghouse Web Chat 6.2.284.34 is an XSS vulnerability triggered when a user supplies their own domain in the WebServiceLocation parameter; the POST response can display external JavaScript from a attacker-controlled server. This entry is tied to CVE-2019-16951, which Red Hat and ...

6.1CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2019/11/13 5:37 p.m.48 views

CVE-2019-16949

Enghouse Web Chat 6.1.300.31 and 6.2.284.34 contain an issue where a user can abuse a chat-log archive sending feature. A POST request at chat start allows altering the message and the end recipient’s address, which will share the log with an address having the same domain/user as the product all...

6.5CVSS6.3AI score0.00783EPSS
CVE
CVE
added 2019/11/13 5:1 p.m.47 views

CVE-2019-16948

CVE-2019-16948 is an SSRF vulnerability in Enghouse Web Chat 6.1.300.31. In any POST request, an attacker can replace the port in WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to infer what is visible on the internal network, as the response differs between open an...

9.8CVSS9.2AI score0.01335EPSS
Web
CVE
CVE
added 2019/11/13 6:12 p.m.44 views

CVE-2019-16950

CVE-2019-16950 affects Enghouse Web Chat versions 6.1.300.31 and 6.2.284.34. The issue is an XSS where the QueueName parameter of a GET request allows insertion of user-supplied JavaScript due to insufficient input validation. Red Hat and CNVD entries corroborate a cross-site scripting vulnerabil...

6.1CVSS6AI score0.00686EPSS
CVE
CVE
added 2019/11/13 6:47 p.m.43 views

CVE-2019-16951

Enghouse Web Chat 6.2.284.34 is affected by a remote file include (RFI) vulnerability (CVE-2019-16951). The issue allows an attacker to substitute the localhost attribute with an attacker-controlled domain; after a POST, the product calls that domain and may return data that reveals sensitive inf...

5.3CVSS5.6AI score0.00952EPSS