Akshat Singhal

**Name of the Vulnerable Software and Affected Versions** Fuge CMS version 1.0 **Description** The issue is related to an Open Redirect vulnerability. It is exploited via the /front/ProcessAct.java endpoint. **Recommendations** For Fuge CMS version 1.0, as a temporary workaround, consider restricting access to the /front/ProcessAct.java endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fuge CMS version 1.0 **Description** The issue is related to an Open Redirect vulnerability found in the member/RegisterAct.java file. This vulnerability can potentially be exploited, although specific details about the estimated number of affected devices or real-world incidents are not provided. **Recommendations** For Fuge CMS version 1.0, consider restricting access to the vulnerable member/RegisterAct.java file until a patch is available. As a temporary workaround, avoid using the affected registration functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wliang6 ChatEngine (affected versions not specified) **Description** A Cross Site Scripting (XSS) issue exists in the `textMessage` field in `/src/chatbotapp/LoginServlet.java` of wliang6 ChatEngine, allowing attackers to execute arbitrary code. This issue is related to the commit `fded8e710ad59f816867ad47d7fc4862f6502f3e`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Payatu ChatEngine version 1.0 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability in the username field, located in the /src/chatbotapp/chatWindow.java file. This vulnerability allows attackers to execute arbitrary code. **Recommendations** For Payatu ChatEngine version 1.0, consider disabling the username field in the chatWindow.java file as a temporary workaround until a patch is available. Restrict access to the chatWindow.java file to minimize the risk of exploitation. Avoid using the `username` field in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wliang6 ChatEngine (affected versions not specified) **Description** A Cross Site Scripting (XSS) issue exists in the `username` field, located in `/src/chatbotapp/LoginServlet.java`, allowing attackers to execute arbitrary code. This issue is related to the commit fded8e710ad59f816867ad47d7fc4862f6502f3e. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ChatEngine version 1.0 **Description** The issue allows attackers to gain sensitive information through a SQL Injection vulnerability in the `textMessage` parameter in the `/src/chatbotapp/chatWindow.java` file. **Recommendations** For ChatEngine version 1.0, consider restricting access to the `textMessage` parameter in the `/src/chatbotapp/chatWindow.java` file to minimize the risk of exploitation. As a temporary workaround, avoid using the `textMessage` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wliang6 ChatEngine (affected versions not specified) **Description** A Cross Site Scripting (XSS) issue exists in the `username` field of the `/WebContent/WEB-INF/lib/chatbox.jsp` file, allowing attackers to execute arbitrary code. This issue is related to the `chatbox.jsp` file in the wliang6 ChatEngine. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Payatu ChatEngine version 1.0 **Description** The issue allows attackers to gain sensitive information through a SQL Injection vulnerability in the `username` field, located in the `/src/chatbotapp/chatWindow.java` file. **Recommendations** For Payatu ChatEngine version 1.0, consider restricting access to the `chatWindow.java` file or disabling the `username` field until a patch is available. Avoid using the `username` field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wliang6 ChatEngine (affected versions not specified) **Description** A Cross Site Scripting (XSS) issue exists in the textMessage field in /src/chatbotapp/chatWindow.java, allowing attackers to execute arbitrary code. This is due to a vulnerability in the wliang6 ChatEngine, specifically in the commit fded8e710ad59f816867ad47d7fc4862f6502f3e. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.