cbcvebase.

Cryptocat Project Cryptocat vulnerabilities

16 known vulnerabilities affecting cryptocat_project/cryptocat.

Total CVEs
16
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH6MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2013-4103P2CRITICALCVSS 9.8PoCfixed in 2.0.222019-11-04
CVE-2013-4103 [CRITICAL] CWE-20 CVE-2013-4103: Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
nvd
CVE-2013-2261P3HIGHCVSS 7.5PoCfixed in 2.0.222019-11-04
CVE-2013-2261 [HIGH] CWE-200 CVE-2013-2261: Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
nvd
CVE-2013-2259P3CRITICALCVSS 9.8fixed in 2.0.222019-11-04
CVE-2013-2259 [CRITICAL] CWE-20 CVE-2013-2259: Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
nvd
CVE-2013-2260P3CRITICALCVSS 9.8fixed in 2.0.222019-11-04
CVE-2013-2260 [CRITICAL] CWE-331 CVE-2013-2260: Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
nvd
CVE-2013-4102P3CRITICALCVSS 9.1fixed in 2.0.222019-11-04
CVE-2013-4102 [CRITICAL] CWE-330 CVE-2013-4102: Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
nvd
CVE-2013-4108P3CRITICALCVSS 9.8v2.0.182019-11-14
CVE-2013-4108 [CRITICAL] CVE-2013-4108: Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and a Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.
nvd
CVE-2013-2262P3HIGHCVSS 7.5fixed in 2.0.222019-11-04
CVE-2013-2262 [HIGH] CWE-200 CVE-2013-2262: Cryptocat strophe.js before 2.0.22 has information disclosure Cryptocat strophe.js before 2.0.22 has information disclosure
nvd
CVE-2013-2257P3HIGHCVSS 7.5fixed in 2.0.422019-11-04
CVE-2013-2257 [HIGH] CWE-307 CVE-2013-2257: Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness
nvd
CVE-2013-4100P4HIGHCVSS 7.5fixed in 2.0.222019-11-04
CVE-2013-4100 [HIGH] CWE-20 CVE-2013-4100: Cryptocat before 2.0.22 has Remote Denial of Service via username Cryptocat before 2.0.22 has Remote Denial of Service via username
nvd
CVE-2013-4105P4HIGHCVSS 7.5fixed in 2.0.222019-11-04
CVE-2013-4105 [HIGH] CWE-200 CVE-2013-4105: Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure
nvd
CVE-2013-4104P4HIGHCVSS 7.5fixed in 2.0.222019-11-04
CVE-2013-4104 [HIGH] CWE-326 CVE-2013-4104: Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol
nvd
CVE-2013-2258P4MEDIUMCVSS 5.3fixed in 2.0.222019-11-04
CVE-2013-2258 [MEDIUM] CVE-2013-2258: Cryptocat before 2.0.22 has Nickname User Impersonation Cryptocat before 2.0.22 has Nickname User Impersonation
nvd
CVE-2013-4109P4MEDIUMCVSS 6.1v1.1.1652019-11-14
CVE-2013-4109 [MEDIUM] CWE-79 CVE-2013-4109: An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165 An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.
nvd
CVE-2013-4106P4MEDIUMCVSS 6.1fixed in 2.0.222019-11-14
CVE-2013-4106 [MEDIUM] CWE-79 CVE-2013-4106: A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat bef A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.
nvd
CVE-2013-4107P4MEDIUMCVSS 6.1fixed in 2.0.222019-11-05
CVE-2013-4107 [MEDIUM] CWE-79 CVE-2013-4107: Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting
nvd
CVE-2013-4101P4MEDIUMCVSS 5.3fixed in 2.0.222019-11-04
CVE-2013-4101 [MEDIUM] CWE-20 CVE-2013-4101: Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness
nvd
Cryptocat Project Cryptocat vulnerabilities | cvebase