Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html | Third Party Advisory |
Configurations
History
11 Sep 2024, 14:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ai3 qbibot
Ai3 |
|
References | () https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:* |
02 Aug 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Aug 2024, 11:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-02 11:16
Updated : 2024-09-11 14:23
NVD link : CVE-2024-7204
Mitre link : CVE-2024-7204
CVE.ORG link : CVE-2024-7204
JSON object : View
Products Affected
ai3
- qbibot
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')