CVE-2024-10433

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack.
References
Link Resource
https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.281984 Permissions Required VDB Entry
https://vuldb.com/?id.281984 Third Party Advisory VDB Entry
https://vuldb.com/?submit.432236 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:projectworlds:simple_web-based_chat_application:1.0:*:*:*:*:*:*:*

History

30 Oct 2024, 18:31

Type Values Removed Values Added
CPE cpe:2.3:a:projectworlds:simple_web-based_chat_application:1.0:*:*:*:*:*:*:*
First Time Projectworlds simple Web-based Chat Application
Projectworlds
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 6.1
References () https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md - () https://github.com/jadu101/CVE/blob/main/project_worlds_simple_web_based_chat_app_index_xss.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.281984 - () https://vuldb.com/?ctiid.281984 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.281984 - () https://vuldb.com/?id.281984 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.432236 - () https://vuldb.com/?submit.432236 - Third Party Advisory, VDB Entry

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en Project Worlds Simple Web-Based Chat Application 1.0 y se ha clasificado como problemática. Este problema afecta a una funcionalidad desconocida del archivo /index.php. La manipulación del argumento Nombre/Comentario provoca Cross Site Scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores menciona diferentes parámetros que se verán afectados y que no se correlacionan con las capturas de pantalla de un ataque exitoso.

28 Oct 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-28 00:15

Updated : 2024-10-30 18:31


NVD link : CVE-2024-10433

Mitre link : CVE-2024-10433

CVE.ORG link : CVE-2024-10433


JSON object : View

Products Affected

projectworlds

  • simple_web-based_chat_application
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')