exploitDog

CVE-2021-44163

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5399-03b81-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5399-03b81-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chinasea:qb_smart_service_robot:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00192

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wxf3-qxfw-xchv

github

около 4 лет назад

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.

EPSS

Процентиль: 41%

0.00192

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79