Winnie

6 exploits Active since Jul 2023
CVE-2023-30319 WRITEUP CRITICAL WORKING POC
ChatEngine - Stored Cross-Site Scripting in Username Field
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.6
CVE-2023-30320 WRITEUP CRITICAL WORKING POC
ChatEngine - Stored Cross-Site Scripting in textMessage Field
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.0
CVE-2023-30321 WRITEUP CRITICAL WRITEUP
ChatEngine - Stored Cross-Site Scripting in LoginServlet textMessage Field
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.0
CVE-2023-30322 WRITEUP MEDIUM WORKING POC
ChatEngine 1.0 - Stored Cross-Site Scripting in Username Field
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
CVSS 5.4
CVE-2023-30323 WRITEUP HIGH WORKING POC
ChatEngine 1.0 - SQL Injection via Username Field
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS 7.5
CVE-2023-30325 WRITEUP HIGH WORKING POC
ChatEngine 1.0 - SQL Injection via textMessage Parameter
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS 7.5