CVE-2024-13033

A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://vuldb.com/?ctiid.289766 Permissions Required
https://vuldb.com/?id.289766 Third Party Advisory
https://vuldb.com/?submit.471109 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*

History

06 Jan 2025, 18:26

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en code-projects Chat System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /admin/chatroom.php. La manipulación del argumento id provoca cross site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.
CPE cpe:2.3:a:code-projects:chat_system:1.0:*:*:*:*:*:*:*
First Time Code-projects chat System
Code-projects
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://vuldb.com/?ctiid.289766 - () https://vuldb.com/?ctiid.289766 - Permissions Required
References () https://vuldb.com/?id.289766 - () https://vuldb.com/?id.289766 - Third Party Advisory
References () https://vuldb.com/?submit.471109 - () https://vuldb.com/?submit.471109 - Third Party Advisory

30 Dec 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-30 02:15

Updated : 2025-01-06 18:26


NVD link : CVE-2024-13033

Mitre link : CVE-2024-13033

CVE.ORG link : CVE-2024-13033


JSON object : View

Products Affected

code-projects

  • chat_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')