Vulnerabilities > Egain
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2020-15948 | Cross-site Scripting vulnerability in Egain Chat 15.5.5 eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. | 6.1 |
| 2019-12-13 | CVE-2019-17123 | Injection vulnerability in Egain Mail 11 The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. | 7.5 |
| 2019-09-04 | CVE-2019-13976 | Unrestricted Upload of File with Dangerous Type vulnerability in Egain Chat 15.0.3 eGain Chat 15.0.3 allows unrestricted file upload. | 9.8 |
| 2019-09-04 | CVE-2019-13975 | Cross-site Scripting vulnerability in Egain Chat 15.0.3 eGain Chat 15.0.3 allows HTML Injection. | 6.1 |