Vulnerabilities (CVE)

Filtered by vendor Egain Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15948 1 Egain 1 Chat 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
CVE-2019-17123 1 Egain 1 Mail 2024-11-21 5.0 MEDIUM 7.5 HIGH
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)
CVE-2019-13976 1 Egain 1 Chat 2024-11-21 7.5 HIGH 9.8 CRITICAL
eGain Chat 15.0.3 allows unrestricted file upload.
CVE-2019-13975 1 Egain 1 Chat 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
eGain Chat 15.0.3 allows HTML Injection.