Egain

egain

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15948 1Egain 1Chat Nov 21, 2024 Jul 30, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
CVE-2019-17123 1Egain 1Mail Jun 17, 2026 Dec 13, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, th...Show more The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)Show less
CVE-2019-13976 1Egain 1Chat Jun 17, 2026 Sep 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 eGain Chat 15.0.3 allows unrestricted file upload.
CVE-2019-13975 1Egain 1Chat Jun 17, 2026 Sep 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 eGain Chat 15.0.3 allows HTML Injection.