Web Chat Security Vulnerabilities and Issues — Web Chat CVE List

Lucene search

EnghouseWeb Chat

3 matches found

CVE•added 2020/09/03 3:15 p.m.•35 views

CVE-2020-13972

Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the POST request is displayed, and any JavaScript returned from the external server is executed in the browser. This is related to CVE-2019-16951.

6.1CVSS5.3AI score0.00356EPSS

CVE•added 2019/11/13 6:15 p.m.•33 views

CVE-2019-16949

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message...

6.5CVSS6.3AI score0.00296EPSS

CVE•added 2019/11/13 7:15 p.m.•28 views

CVE-2019-16950

An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript.

6.1CVSS6AI score0.00328EPSS