Skip to main content

Chat

7 CVEs product

Monthly

CVE-2021-30480 HIGH POC This Week

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft RCE Chat
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2019-13976 CRITICAL Act Now

eGain Chat 15.0.3 allows unrestricted file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Chat
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-13975 MEDIUM This Month

eGain Chat 15.0.3 allows HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chat
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2017-15892 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Chat
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-15886 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-14486 HIGH This Week

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Chat +1
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-11148 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD
CVSS 3.0
6.5
EPSS
0.2%
EPSS 6% CVSS 8.8
HIGH POC This Week

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Microsoft RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

eGain Chat 15.0.3 allows unrestricted file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Chat
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

eGain Chat 15.0.3 allows HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chat
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Chat
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Chat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy