CVE-2024-7204

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:*

History

11 Sep 2024, 14:23

Type Values Removed Values Added
CPE cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:*
First Time Ai3
Ai3 qbibot
References () https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html - () https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html - () https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html - Third Party Advisory

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Ai3 QbiBot no filtra adecuadamente la entrada del usuario, lo que permite a atacantes remotos no autenticados insertar código JavaScript en el cuadro de chat. Una vez que el destinatario vea el mensaje, estará sujeto a un ataque de XSS almacenado.

02 Aug 2024, 11:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 11:16

Updated : 2024-09-11 14:23


NVD link : CVE-2024-7204

Mitre link : CVE-2024-7204

CVE.ORG link : CVE-2024-7204


JSON object : View

Products Affected

ai3

  • qbibot
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')