Filtered by vendor Egain
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15948 | 1 Egain | 1 Chat | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. | |||||
| CVE-2019-17123 | 1 Egain | 1 Mail | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.) | |||||
| CVE-2019-13975 | 1 Egain | 1 Chat | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| eGain Chat 15.0.3 allows HTML Injection. | |||||
| CVE-2019-13976 | 1 Egain | 1 Chat | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| eGain Chat 15.0.3 allows unrestricted file upload. | |||||