CVE-2024-48396

{"id": "CVE-2024-48396", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-10-25T21:15:04.300", "references": [{"url": "https://github.com/sohelamin/chatbot", "source": "cve@mitre.org"}, {"url": "https://jacobmasse.medium.com/reflected-xss-in-popular-ai-chatbot-application-79de74ea0cc8", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts."}, {"lang": "es", "value": "AIML Chatbot 1.0 (corregido en la versi\u00f3n 2.0) es vulnerable a Cross Site Scripting (XSS). La vulnerabilidad se explota a trav\u00e9s del campo de entrada de mensajes, donde los atacantes pueden inyectar c\u00f3digo HTML o JavaScript malicioso. El chatbot no puede desinfectar estas entradas, lo que lleva a la ejecuci\u00f3n de scripts maliciosos."}], "lastModified": "2024-10-30T20:35:31.167", "sourceIdentifier": "cve@mitre.org"}