Winnie

6 exploits Active since Jul 2023
CVE-2023-30319 WRITEUP CRITICAL WORKING POC
Chatengine - XSS
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.6
CVE-2023-30320 WRITEUP CRITICAL WORKING POC
Chatengine - XSS
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.0
CVE-2023-30321 WRITEUP CRITICAL WRITEUP
Chatengine - XSS
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.
CVSS 9.0
CVE-2023-30322 WRITEUP MEDIUM WORKING POC
Chatengine - XSS
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.
CVSS 5.4
CVE-2023-30323 WRITEUP HIGH WORKING POC
Chatengine - SQL Injection
SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS 7.5
CVE-2023-30325 WRITEUP HIGH WORKING POC
Chatengine - SQL Injection
SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.
CVSS 7.5