Qb Smart Service Robot

qb_smart_service_robot

Vendor: Chinasea • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-44164 1Chinasea 1Qb Smart Service Robot Jun 17, 2026 Dec 20, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary...Show more Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.Show less
CVE-2021-44163 1Chinasea 1Qb Smart Service Robot Jun 17, 2026 Dec 20, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authenti...Show more Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.Show less
CVE-2021-44162 1Chinasea 1Qb Smart Service Robot Jun 17, 2026 Dec 20, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbi...Show more Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.Show less