Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Easy Chat Server Project Subscribe
Filtered by product Easy Chat Server
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0695 1 Easy Chat Server Project 1 Easy Chat Server 2024-04-11 4.0 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4497 1 Easy Chat Server Project 1 Easy Chat Server 2023-12-10 N/A 6.1 MEDIUM
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.
CVE-2023-4496 1 Easy Chat Server Project 1 Easy Chat Server 2023-12-10 N/A 6.1 MEDIUM
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.
CVE-2023-4494 1 Easy Chat Server Project 1 Easy Chat Server 2023-12-10 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.
CVE-2023-4495 1 Easy Chat Server Project 1 Easy Chat Server 2023-12-10 N/A 6.1 MEDIUM
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp.