CVE-2024-4302

{"id": "CVE-2024-4302", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-04-29T06:15:17.803", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html", "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks."}, {"lang": "es", "value": "La plataforma de servicio al cliente en l\u00ednea Super 8 Live Chat no filtra adecuadamente la entrada del usuario, lo que permite a atacantes remotos no autenticados insertar c\u00f3digo JavaScript en el cuadro de chat. Cuando el destinatario del mensaje ve el mensaje, se vuelve susceptible a ataques de cross site scripting (XSS)."}], "lastModified": "2024-11-21T09:42:34.747", "sourceIdentifier": "twcert@cert.org.tw"}