Messenger
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9918 | Cri | 0.59 | 9.1 | 0.01 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | ||
| CVE-2019-9920 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | ||
| CVE-2017-17715 | Hig | 0.57 | 8.8 | 0.02 | Dec 16, 2017 | The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | ||
| CVE-2019-9922 | Hig | 0.50 | 7.5 | 0.11 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | ||
| CVE-2014-8688 | Hig | 0.49 | 7.5 | 0.01 | Mar 14, 2017 | An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. | ||
| CVE-2020-20093 | Med | 0.42 | 6.5 | 0.02 | Mar 23, 2022 | The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||
| CVE-2019-9921 | Med | 0.42 | 6.5 | 0.01 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | ||
| CVE-2019-9919 | Med | 0.35 | 5.4 | 0.01 | Mar 29, 2019 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. |
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user.
- risk 0.57cvss 8.8epss 0.02
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
- risk 0.50cvss 7.5epss 0.11
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.
- risk 0.42cvss 6.5epss 0.02
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user.
- risk 0.35cvss 5.4epss 0.01
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS.