Skip to main content

Qb Smart Service Robot

3 CVEs product

Monthly

CVE-2021-44164 CRITICAL Act Now

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Qb Smart Service Robot
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44163 MEDIUM This Month

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qb Smart Service Robot
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-44162 HIGH This Week

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qb Smart Service Robot
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 2% CVSS 9.8
CRITICAL Act Now

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Qb Smart Service Robot
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qb Smart Service Robot
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Qb Smart Service Robot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy