Every CVE whose affected-product data names Enghouse Web Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-16948 — CVSS 9.8 (critical): An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at…
CVE-2019-16949 — CVSS 6.5 (medium): An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email…
CVE-2019-16950 — CVSS 6.1 (medium): An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion…
CVE-2020-13972 — CVSS 6.1 (medium): Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLocation parameter, the response from the…
CVE-2019-16951 — CVSS 5.3 (medium): A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own…