Filtered by vendor Egain
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15948 | 1 Egain | 1 Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. | |||||
CVE-2019-17123 | 1 Egain | 1 Mail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) | |||||
CVE-2019-13976 | 1 Egain | 1 Chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
eGain Chat 15.0.3 allows unrestricted file upload. | |||||
CVE-2019-13975 | 1 Egain | 1 Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
eGain Chat 15.0.3 allows HTML Injection. |