VYPR
Vendor

Nice

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2025-59902HigFeb 3, 2026
    risk 0.46cvss epss 0.00

    HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email…

  • CVE-2021-30480Apr 9, 2021
    risk 0.01cvss epss 0.06

    Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific…

  • CVE-2021-33488Nov 22, 2021
    risk 0.00cvss epss 0.01

    chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook.

  • CVE-2020-15948Jul 28, 2021
    risk 0.00cvss epss 0.01

    eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.

  • CVE-2019-13976Sep 4, 2019
    risk 0.00cvss epss 0.02

    eGain Chat 15.0.3 allows unrestricted file upload.

  • CVE-2019-13975Sep 4, 2019
    risk 0.00cvss epss 0.01

    eGain Chat 15.0.3 allows HTML Injection.

  • CVE-2014-4308Jun 18, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2)…

  • CVE-2014-4305Jun 18, 2014
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2005-2036Jun 16, 2005
    risk 0.00cvss epss 0.02

    modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.