Aggregates CVE and security vulnerability intelligence across all chinasea-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-44164 | Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. | [email protected] | 9.8 | 3.05% | 2021-12-20 | 2024-11-21 |
| CVE-2021-44163 | Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. | [email protected] | 6.1 | 0.19% | 2021-12-20 | 2024-11-21 |
| CVE-2021-44162 | Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication. | [email protected] | 7.5 | 0.42% | 2021-12-20 | 2024-11-21 |