Skip to main content

Chat Anywhere

1 CVEs product

Monthly

CVE-2018-20524 MEDIUM POC This Month

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chat Anywhere
NVD
CVSS 3.0
6.1
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chat Anywhere
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy