Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24566
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without pas...
Lobehub Lobe Chat
1 Github repository
7.5
CVSSv2
CVE-2018-12426
The WP Live Chat Support Pro plugin prior to 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
3cx Live Chat
4.3
CVSSv2
CVE-2019-9913
The wp-live-chat-support plugin prior to 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
3cx Live Chat
6.8
CVSSv2
CVE-2021-43353
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for malicious users to inject arbitrary web scripts in versions up to...
Crisp Live Chat
5.8
CVSSv2
CVE-2019-6780
The Wise Chat plugin prior to 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Kaine Wise Chat
1 EDB exploit
4.3
CVSSv2
CVE-2016-10879
The wp-live-chat-support plugin prior to 6.2.02 for WordPress has XSS.
3cx Live Chat
4.3
CVSSv2
CVE-2019-14950
The wp-live-chat-support plugin prior to 8.0.27 for WordPress has XSS via the GDPR page.
3cx Live Chat
4.3
CVSSv2
CVE-2019-13975
eGain Chat 15.0.3 allows HTML Injection.
Egain Chat 15.0.3
5
CVSSv2
CVE-2001-0581
Spytech Spynet Chat Server 6.5 allows a remote malicious user to create a denial of service (crash) via a large number of connections to port 6387.
Spytech Spynet Chat
1 EDB exploit
4.3
CVSSv2
CVE-2018-11105
There is stored cross site scripting in the wp-live-chat-support plugin prior to 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would ini...
3cx Live Chat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »