CVE-2023-30321

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-30321
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 Exploit
https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ Third Party Advisory
https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 Exploit
https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:00

Type Values Removed Values Added
References () https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 - Exploit () https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 - Exploit
References () https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ - Third Party Advisory () https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ - Third Party Advisory

12 Jul 2023, 23:08

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.0
CPE cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*
References (MISC) https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 - (MISC) https://github.com/wliang6/ChatEngine/blob/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L55:L64 - Exploit
References (CONFIRM) https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ - (CONFIRM) https://payatu.com/advisory/cross-site-scripting-xss-vulnerability-in-loginservlet-java-wliang6-chatengine-allows-attackers-to-execute-arbitrary-code/ - Third Party Advisory

06 Jul 2023, 17:44

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-06 16:15

Updated : 2024-11-21 08:00

NVD link : CVE-2023-30321

Mitre link : CVE-2023-30321

CVE.ORG link : CVE-2023-30321

JSON object : View

Products Affected

chatengine_project

  • chatengine
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')