Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities found for chatengine by chatengine_project
FKIE_CVE-2023-30321
Vulnerability from fkie_nvd - Published: 2023-07-06 16:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"id": "CVE-2023-30321",
"lastModified": "2024-11-21T08:00:01.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T16:15:09.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30320
Vulnerability from fkie_nvd - Published: 2023-07-06 16:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"id": "CVE-2023-30320",
"lastModified": "2024-11-21T08:00:01.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T16:15:09.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30319
Vulnerability from fkie_nvd - Published: 2023-07-06 16:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"id": "CVE-2023-30319",
"lastModified": "2024-11-21T08:00:01.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T16:15:09.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30326
Vulnerability from fkie_nvd - Published: 2023-07-06 15:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"id": "CVE-2023-30326",
"lastModified": "2024-11-21T08:00:02.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T15:15:15.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30325
Vulnerability from fkie_nvd - Published: 2023-07-06 15:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"id": "CVE-2023-30325",
"lastModified": "2024-11-21T08:00:02.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T15:15:15.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30322
Vulnerability from fkie_nvd - Published: 2023-07-06 15:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code."
}
],
"id": "CVE-2023-30322",
"lastModified": "2024-11-21T08:00:01.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T15:15:15.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-30323
Vulnerability from fkie_nvd - Published: 2023-07-06 15:15 - Updated: 2024-11-21 08:00
Severity ?
Summary
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chatengine_project | chatengine | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD65373-638B-4FCC-B56A-6EAC43DDCA86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"id": "CVE-2023-30323",
"lastModified": "2024-11-21T08:00:02.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T15:15:15.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-30322 (GCVE-0-2023-30322)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:50
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:50:42.433292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:50:54.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30322",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:50:54.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30319 (GCVE-0-2023-30319)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:59
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:58:49.427623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:59:12.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30319",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:59:12.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30325 (GCVE-0-2023-30325)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-19 19:07
VLAI?
Summary
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:07:19.943202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:07:39.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30325",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-19T19:07:39.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30323 (GCVE-0-2023-30323)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:50
VLAI?
Summary
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:49:52.143474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:50:00.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30323",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:50:00.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30321 (GCVE-0-2023-30321)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:53
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:53:31.243423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:53:41.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30321",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:53:41.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30320 (GCVE-0-2023-30320)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:57
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:57:52.774809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:57:59.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30320",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:57:59.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30326 (GCVE-0-2023-30326)
Vulnerability from cvelistv5 – Published: 2023-07-06 00:00 – Updated: 2024-11-19 19:06
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:06:39.670118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:06:50.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30326",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-19T19:06:50.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30322 (GCVE-0-2023-30322)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:50
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:50:42.433292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:50:54.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30322",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:50:54.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30319 (GCVE-0-2023-30319)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:59
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:58:49.427623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:59:12.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30319",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:59:12.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30325 (GCVE-0-2023-30325)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-19 19:07
VLAI?
Summary
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:07:19.943202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:07:39.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L33:L60"
},
{
"url": "https://payatu.com/advisory/sql-injection-vulnerability-in-textmessage-field-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30325",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-19T19:07:39.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30323 (GCVE-0-2023-30323)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:50
VLAI?
Summary
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:49:52.143474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:50:00.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/chatWindow.java#L34:L60"
},
{
"url": "https://payatu.com/advisory/sql-injection-in-chatwindow-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30323",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:50:00.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30321 (GCVE-0-2023-30321)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:53
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:53:31.243423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:53:41.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30321",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:53:41.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30320 (GCVE-0-2023-30320)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-20 19:57
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:57:52.774809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:57:59.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-wliang6-chatengine-allows-attackers-execute-arbitrary-code/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30320",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:57:59.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30326 (GCVE-0-2023-30326)
Vulnerability from nvd – Published: 2023-07-06 00:00 – Updated: 2024-11-19 19:06
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"tags": [
"x_transferred"
],
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:06:39.670118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:06:50.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wliang6/ChatEngine/blob/master/WebContent/WEB-INF/lib/chatbox.jsp#L12"
},
{
"url": "https://payatu.com/advisory/cross-site-scripting-vulnerability-in-username-field-in-chatbox-functionality-in-chatengine-1-0/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30326",
"datePublished": "2023-07-06T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2024-11-19T19:06:50.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}