// For flags

CVE-2023-4495

Easy Chat Server XSS vulnerability

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.

Easy Chat Server, en su versión 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a través de /registresult.htm (método POST), en el parámetro Resume. El XSS se carga desde /register.ghp.

Easy Address Book Web Server version 1.6 suffers from buffer overflow and cross site scripting vulnerabilities.

*Credits: Rafael Pedrero
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-08-23 CVE Reserved
  • 2023-08-31 CVE Published
  • 2024-09-05 CVE Updated
  • 2024-10-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
  • CAPEC-63: Cross-Site Scripting (XSS)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Easy Chat Server Project
Search vendor "Easy Chat Server Project"
Easy Chat Server
Search vendor "Easy Chat Server Project" for product "Easy Chat Server"
<= 3.1
Search vendor "Easy Chat Server Project" for product "Easy Chat Server" and version " <= 3.1"
-
Affected