CVE-2023-30322

Опубликовано: 06 июл. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.

Ссылки

https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81
Product
https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/
Third Party Advisory
https://github.com/wliang6/ChatEngine/blob/master/src/chatbotapp/chatWindow.java#L71:L81
Product
https://payatu.com/advisory/cross-site-scripting-xss-in-username-field-in-chatwindow-functionality-in-chatengine-1-0/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00123

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-87r8-h45f-65q2