A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack.
References
Link | Resource |
---|---|
https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.281984 | Permissions Required VDB Entry |
https://vuldb.com/?id.281984 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.432236 | Third Party Advisory VDB Entry |
Configurations
History
30 Oct 2024, 18:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:projectworlds:simple_web-based_chat_application:1.0:*:*:*:*:*:*:* | |
First Time |
Projectworlds simple Web-based Chat Application
Projectworlds |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.1 |
References | () https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.281984 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.281984 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.432236 - Third Party Advisory, VDB Entry |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Oct 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-28 00:15
Updated : 2024-10-30 18:31
NVD link : CVE-2024-10433
Mitre link : CVE-2024-10433
CVE.ORG link : CVE-2024-10433
JSON object : View
Products Affected
projectworlds
- simple_web-based_chat_application
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')