CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-15948 – eGain Chat 15.5.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-15948
28 Jul 2021 — eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. eGain Chat versión 15.5.5, permite un ataque de tipo XSS por medio del campo Name (también se conoce como full_name) eGain Chat version 15.5.5 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/163687 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 13%CPEs: 3EXPL: 1CVE-2021-30480
https://notcve.org/view.php?id=CVE-2021-30480
09 Apr 2021 — Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. Zoom Chat versión hasta el 09-04-2021 en Windows y macOS, permite a determinados atacantes autenticados remotam... • https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-day-discovery-makes-calls-safer-hackers-200000-richer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13976
https://notcve.org/view.php?id=CVE-2019-13976
04 Sep 2019 — eGain Chat 15.0.3 allows unrestricted file upload. eGain Chat versión 15.0.3, permite un ataque de carga de archivos sin restricciones. • https://medium.com/%40dr.spitfire/bypass-file-upload-restrictions-cve-2019-13976-35682bd1fdd3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13975
https://notcve.org/view.php?id=CVE-2019-13975
04 Sep 2019 — eGain Chat 15.0.3 allows HTML Injection. eGain Chat versión 15.0.3, permite una inyección HTML. • https://medium.com/%40dr.spitfire/html-injection-cve-2019-13975-a33aa8ad4d11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15886
https://notcve.org/view.php?id=CVE-2017-15886
28 Dec 2017 — Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Una vulnerabilidad Server-Side Request Forgery (SSRF) en Link Preview en Synology Chat en versiones anteriores a la 2.0.0-1124 permite que usuarios remotos autenticados descarguen archivos locales arbitrarios mediante un URI manipulado. • https://www.synology.com/en-global/support/security/Synology_SA_17_78 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15892
https://notcve.org/view.php?id=CVE-2017-15892
28 Dec 2017 — Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Slash Command Creator en Synology Chat, en versiones anteriores a la 2.0.0-1124 permiten que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante los parámetros (1) COMM... • https://www.synology.com/en-global/support/security/Synology_SA_17_78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11148
https://notcve.org/view.php?id=CVE-2017-11148
11 Aug 2017 — Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. Una vulnerabilidad de tipo server-side request forgery (SSRF) en la previsualización de enlaces en Synology Chat en versiones anteriores a la 1.1.0-0806 permite que usuarios remotos autenticados accedan a recursos de la intranet mediante vectores sin especificar. • http://www.securityfocus.com/bid/100310 • CWE-918: Server-Side Request Forgery (SSRF) •