Filtered by vendor Chinasea
Subscriptions
Filtered by product Qb Smart Service Robot
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44162 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-09-16 | 7.5 High |
| Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication. | ||||
| CVE-2021-44164 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-09-16 | 9.8 Critical |
| Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service. | ||||
| CVE-2021-44163 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-09-16 | 6.1 Medium |
| Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. | ||||
Page 1 of 1.