chat vulnerabilities and exploits
NA
CVE-2022-39279
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions before 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsaf...
Discourse Discourse-chat
7.5
CVSSv2
CVE-2019-12498
The WP Live Chat Support plugin prior to 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
3cx Live Chat
4.3
CVSSv2
CVE-2019-13975
eGain Chat 15.0.3 allows HTML Injection.
Egain Chat 15.0.3
6.8
CVSSv2
CVE-2021-43353
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for malicious users to inject arbitrary web scripts in versions up to...
Crisp Live Chat
7.5
CVSSv2
CVE-2019-1010104
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: like_escape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request.
Techytalk Quick Chat
NA
CVE-2022-36057
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch...
Discourse Discourse-chat
4.3
CVSSv2
CVE-2018-11105
There is stored cross site scripting in the wp-live-chat-support plugin prior to 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would ini...
3cx Live Chat
4.3
CVSSv2
CVE-2019-14950
The wp-live-chat-support plugin prior to 8.0.27 for WordPress has XSS via the GDPR page.
3cx Live Chat
7.5
CVSSv2
CVE-2018-12426
The WP Live Chat Support Pro plugin prior to 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
3cx Live Chat
7.5
CVSSv2
CVE-2019-11185
The WP Live Chat Support Pro plugin up to and including 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjun...
3cx Live Chat