汇总 easy_chat_server_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 跨站脚本与缓冲区溢出,在 软件部署与生产负载 使用场景中可能带来 会话劫持、应用崩溃与内存损坏 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-0695 | A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any | [email protected] | 4.3 | 0.05% | 2024-01-18 | 2024-11-21 |
| CVE-2023-4497 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. | [email protected] | 6.1 | 0.15% | 2023-10-04 | 2024-11-21 |
| CVE-2023-4496 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. | [email protected] | 6.1 | 0.15% | 2023-10-04 | 2024-11-21 |
| CVE-2023-4495 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. | [email protected] | 6.1 | 0.15% | 2023-10-04 | 2024-11-21 |
| CVE-2023-4494 | Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. | [email protected] | 9.8 | 0.13% | 2023-10-04 | 2024-11-21 |