CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15948 – eGain Chat 15.5.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-15948
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. eGain Chat versión 15.5.5, permite un ataque de tipo XSS por medio del campo Name (también se conoce como full_name) eGain Chat version 15.5.5 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/163687/eGain-Chat-15.5.5-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13976
https://notcve.org/view.php?id=CVE-2019-13976
eGain Chat 15.0.3 allows unrestricted file upload. eGain Chat versión 15.0.3, permite un ataque de carga de archivos sin restricciones. • https://medium.com/%40dr.spitfire/bypass-file-upload-restrictions-cve-2019-13976-35682bd1fdd3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13975
https://notcve.org/view.php?id=CVE-2019-13975
eGain Chat 15.0.3 allows HTML Injection. eGain Chat versión 15.0.3, permite una inyección HTML. • https://medium.com/%40dr.spitfire/html-injection-cve-2019-13975-a33aa8ad4d11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •