Cryptocat ProjectCVEs & Vulnerabilities
17 CVEs affecting Cryptocat Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.
A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.
An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.
Cryptocat has an Unspecified Chat Participant User List Disclosure
Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting
Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
Cryptocat before 2.0.22 has Nickname User Impersonation
Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol
Cryptocat strophe.js before 2.0.22 has information disclosure
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness
Cryptocat before 2.0.22 has Remote Denial of Service via username