Cryptocat ProjectCVEs & Vulnerabilities

17 CVEs affecting Cryptocat Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

cryptocat 17
CVE-2013-4108CRITICAL

Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

14 Nov 2019
9.8
CVSS
CVE-2013-4106MEDIUM

A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.

14 Nov 2019
6.1
CVSS
CVE-2013-4109MEDIUM

An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.

14 Nov 2019
6.1
CVSS
CVE-2013-4110MEDIUM

Cryptocat has an Unspecified Chat Participant User List Disclosure

5 Nov 2019
5.3
CVSS
CVE-2013-4107MEDIUM

Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting

5 Nov 2019
6.1
CVSS
CVE-2013-4105HIGH

Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure

4 Nov 2019
7.5
CVSS
CVE-2013-2260CRITICAL

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

4 Nov 2019
9.8
CVSS
CVE-2013-2259CRITICAL

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview

4 Nov 2019
9.8
CVSS
CVE-2013-2258MEDIUM

Cryptocat before 2.0.22 has Nickname User Impersonation

4 Nov 2019
5.3
CVSS
CVE-2013-2257HIGH

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

4 Nov 2019
7.5
CVSS
CVE-2013-4104HIGH

Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol

4 Nov 2019
7.5
CVSS
CVE-2013-2262HIGH

Cryptocat strophe.js before 2.0.22 has information disclosure

4 Nov 2019
7.5
CVSS
CVE-2013-2261HIGHpoc

Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure

4 Nov 2019
7.5
CVSS
CVE-2013-4103CRITICALpoc

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

4 Nov 2019
9.8
CVSS
CVE-2013-4102CRITICAL

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

4 Nov 2019
9.1
CVSS
CVE-2013-4101MEDIUM

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

4 Nov 2019
5.3
CVSS
CVE-2013-4100HIGH

Cryptocat before 2.0.22 has Remote Denial of Service via username

4 Nov 2019
7.5
CVSS
← PrevPage 1 / 1Next →