Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0954
MOHA Chat 0.1b7 and previous versions does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
Mohachat Moha Chat
6.1
CVSSv3
CVE-2020-15948
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
Egain Chat 15.5.5
8.8
CVSSv3
CVE-2021-43353
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for malicious users to inject arbitrary web scripts in versions up to...
Crisp Live Chat
4.8
CVSSv3
CVE-2022-46817
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions.
Flyzoo Flyzoo Chat
5.3
CVSSv3
CVE-2024-24566
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without pas...
Lobehub Lobe Chat
1 Github repository
5.4
CVSSv3
CVE-2022-39279
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions before 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsaf...
Discourse Discourse-chat
4.8
CVSSv3
CVE-2023-23727
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.
Formilla Live Chat
6.1
CVSSv3
CVE-2019-6780
The Wise Chat plugin prior to 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Kaine Wise Chat
1 EDB exploit
6.1
CVSSv3
CVE-2019-17176
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).
Genesys Eservices Chat
6.1
CVSSv3
CVE-2017-18508
The wp-live-chat-support plugin prior to 7.1.03 for WordPress has XSS.
3cx Live Chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »