Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0954
MOHA Chat 0.1b7 and previous versions does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
Mohachat Moha Chat
9.8
CVSSv3
CVE-2019-11185
The WP Live Chat Support Pro plugin up to and including 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjun...
3cx Live Chat
6.1
CVSSv3
CVE-2019-17176
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).
Genesys Eservices Chat
6.1
CVSSv3
CVE-2017-18508
The wp-live-chat-support plugin prior to 7.1.03 for WordPress has XSS.
3cx Live Chat
6.1
CVSSv3
CVE-2019-6780
The Wise Chat plugin prior to 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
Kaine Wise Chat
1 EDB exploit
5.3
CVSSv3
CVE-2024-24566
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without pas...
Lobehub Lobe Chat
1 Github repository
NA
CVE-2008-2485
Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat prior to 6.11 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Pcpin Pcpin Chat
6.1
CVSSv3
CVE-2018-9864
The WP Live Chat Support plugin prior to 8.0.06 for WordPress has stored XSS via the Name field.
3cx Live Chat
NA
CVE-2010-0217
Zeacom Chat Server prior to 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote malicious users to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.
Zeacom Chat Server
8.8
CVSSv3
CVE-2023-32504
Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a up to and including 3.1.3.
Kaine Wise Chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »