Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
- EPSS 0.42%
- Veröffentlicht 20.12.2021 03:15:06
- Zuletzt bearbeitet 21.11.2024 06:30:28
Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without aut...
4.3
CVE-2021-44163
- EPSS 0.19%
- Veröffentlicht 20.12.2021 03:15:06
- Zuletzt bearbeitet 21.11.2024 06:30:28
Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.
7.5
CVE-2021-44164
- EPSS 3.05%
- Veröffentlicht 20.12.2021 03:15:06
- Zuletzt bearbeitet 21.11.2024 06:30:28
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, i...
1