Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0898
The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and ou...
5
CVSSv2
CVE-2018-18819
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and previous versions, and 8.0 (8.0.0.40) up to and including 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and previous versions, and 8.0 (8.0.0.40...
Mitel Micollab
Mitel Mivoice Business Express
4.3
CVSSv2
CVE-2012-3308
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 up to and including 8.5.2.1 allows remote malicious users to inject arbitrary web script or HTML via an IM chat.
Ibm Sametime 8.0.2.0
Ibm Sametime 8.0.2.1
Ibm Sametime 8.5.2.1
Ibm Sametime 8.5.1.1
Ibm Sametime 8.5.2.0
Ibm Sametime 8.5.0.0
Ibm Sametime 8.5.1.0
4.3
CVSSv2
CVE-2006-3345
Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and previous versions, allows remote malicious users to inject arbitrary web script or HTML via a chat line.
Ajax Softwares Alipager
3.5
CVSSv2
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">&qu...
Convos Convos
NA
CVE-2023-37259
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Expo...
Matrix-react-sdk Project Matrix-react-sdk
Matrix-react-sdk Project Matrix-react-sdk 3.76.0
4.3
CVSSv2
CVE-2017-0110
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote malicious users to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."
Microsoft Exchange Server 2013
NA
CVE-2024-3595
The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes i...
NA
CVE-2022-31455
* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.
Truedesk Truedesk 1.2.2
NA
CVE-2023-45696
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »