exploitDog

CVE-2024-7204

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.

Ссылки

https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:*

Версия до 8.0.9.02 (исключая)

EPSS

Процентиль: 55%

0.00321

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3qp2-9c8g-2g8x

CVSS3: 6.1

github

больше 1 года назад

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.

EPSS

Процентиль: 55%

0.00321

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79