Convos 3.05 Security Vulnerabilities
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. A stored XSS vulnerability using onfocus and autofocus occurs because "<" and ">" are escaped but double quotes are not. Through this vulnerability, an attacker is able to execute malicious scripts. Users are advised to update as soon as possible.
CVSS Score: 7.6
EPSS Score: 0.004
Published: 2022-01-04
A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2021-12-17
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2020-06-18

