CVE-2024-7204

{"id": "CVE-2024-7204", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-08-02T11:16:43.987", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack."}, {"lang": "es", "value": " Ai3 QbiBot no filtra adecuadamente la entrada del usuario, lo que permite a atacantes remotos no autenticados insertar c\u00f3digo JavaScript en el cuadro de chat. Una vez que el destinatario vea el mensaje, estar\u00e1 sujeto a un ataque de XSS almacenado."}], "lastModified": "2024-09-11T14:23:45.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE6979F4-E9CA-4E96-968B-70B3C126D4CA", "versionEndExcluding": "8.0.9.02"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}