Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

egain

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2020-15948
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.09%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 19:39
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.

Action-Not Available
Vendor-egainn/a
Product-chatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17123
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.32%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 17:54
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)

Action-Not Available
Vendor-egainn/a
Product-mailn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-13976
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 15:26
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eGain Chat 15.0.3 allows unrestricted file upload.

Action-Not Available
Vendor-egainn/a
Product-chatn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-13975
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-04 Sep, 2019 | 15:24
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eGain Chat 15.0.3 allows HTML Injection.

Action-Not Available
Vendor-egainn/a
Product-chatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')