Vulnerabilities > Chinasea

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-20	CVE-2021-44162	Path Traversal vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. network low complexity chinasea CWE-22	5.0
2021-12-20	CVE-2021-44163	Cross-site Scripting vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. network chinasea CWE-79	4.3
2021-12-20	CVE-2021-44164	Unrestricted Upload of File with Dangerous Type vulnerability in Chinasea QB Smart Service Robot Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. network low complexity chinasea CWE-434	7.5

Vulnerabilities > Chinasea {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Chinasea"}]}