CVE-2023-4495 Information

Description

Easy Chat Server in its 3.1 version and before does not sufficiently encrypt user-controlled inputs resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method) in the Resume parameter. The XSS is loaded from /register.ghp.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products