Simple Chatbox
Monthly
SQL injection in code-projects Simple ChatBox up to version 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via manipulation of the msg parameter in the /chatbox/insert.php endpoint, leading to confidentiality and integrity compromise. The vulnerability has a CVSS score of 6.9 and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
Remote file and directory information exposure in code-projects Simple ChatBox 1.0 allows unauthenticated attackers to disclose sensitive file paths and directory structures via manipulation of the SimpleChatbox_PHP endpoint. The vulnerability affects the chatbox.sql component and has publicly available exploit code; attackers can enumerate filesystem information without authentication or user interaction, creating risk for reconnaissance and secondary attack planning.
Cross-site scripting (XSS) in Simple ChatBox up to version 1.0 allows remote attackers to inject malicious scripts via the msg parameter in the /chatbox/insert.php endpoint, with user interaction required. The vulnerability has publicly available exploit code and affects the PHP-based chat application component. Impact is limited to integrity of user sessions, but the attack vector is remote and requires no authentication.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in code-projects Simple ChatBox up to version 1.0 allows remote unauthenticated attackers to execute arbitrary SQL queries via manipulation of the msg parameter in the /chatbox/insert.php endpoint, leading to confidentiality and integrity compromise. The vulnerability has a CVSS score of 6.9 and publicly available exploit code exists, increasing real-world risk despite the moderate base score.
Remote file and directory information exposure in code-projects Simple ChatBox 1.0 allows unauthenticated attackers to disclose sensitive file paths and directory structures via manipulation of the SimpleChatbox_PHP endpoint. The vulnerability affects the chatbox.sql component and has publicly available exploit code; attackers can enumerate filesystem information without authentication or user interaction, creating risk for reconnaissance and secondary attack planning.
Cross-site scripting (XSS) in Simple ChatBox up to version 1.0 allows remote attackers to inject malicious scripts via the msg parameter in the /chatbox/insert.php endpoint, with user interaction required. The vulnerability has publicly available exploit code and affects the PHP-based chat application component. Impact is limited to integrity of user sessions, but the attack vector is remote and requires no authentication.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.