Vulnerabilities
Vulnerable Software
Egain:  Security Vulnerabilities
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-30
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)
CVSS Score
7.5
EPSS Score
0.004
Published
2019-12-13
eGain Chat 15.0.3 allows HTML Injection.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-04
eGain Chat 15.0.3 allows unrestricted file upload.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-09-04


Contact Us

Shodan ® - All rights reserved