Crafty Syntax Live Help
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-3845 | 0.03 | — | 0.02 | Aug 27, 2008 | Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. | ||
| CVE-2008-3510 | 0.03 | — | 0.00 | Aug 7, 2008 | Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter. | ||
| CVE-2004-2355 | 0.03 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. | ||
| CVE-2011-3723 | 0.00 | — | 0.00 | Sep 23, 2011 | Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files. | ||
| CVE-2008-3840 | 0.00 | — | 0.00 | Aug 27, 2008 | Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||
| CVE-2008-1183 | 0.00 | — | 0.00 | Mar 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848. | ||
| CVE-2008-0848 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect. |
- CVE-2008-3845Aug 27, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
- CVE-2008-3510Aug 7, 2008risk 0.03cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.
- CVE-2004-2355Dec 31, 2004risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.
- CVE-2011-3723Sep 23, 2011risk 0.00cvss —epss 0.00
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files.
- CVE-2008-3840Aug 27, 2008risk 0.00cvss —epss 0.00
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
- CVE-2008-1183Mar 6, 2008risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by CVE-2008-0848.
- CVE-2008-0848Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect.