CVE-2024-30264 - Vulnerability Details - OpenCVE

Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Typebot	Typebot

No data.

No data.

References

Link	Providers
https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35
https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e
https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-04T20:18:08.993Z

Updated: 2024-08-02T01:32:06.369Z

Reserved: 2024-03-26T12:52:00.935Z

Link: CVE-2024-30264

Vulnrichment

Updated: 2024-07-31T19:58:09.730Z

NVD

Status : Awaiting Analysis

Published: 2024-04-04T21:15:16.380

Modified: 2024-11-21T09:11:34.930

Link: CVE-2024-30264

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30264", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-26T12:52:00.935Z", "datePublished": "2024-04-04T20:18:08.993Z", "dateUpdated": "2024-08-02T01:32:06.369Z"}, "containers": {"cna": {"title": "typebot.io: `GHSL-2024-040`", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"}, {"name": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e", "tags": ["x_refsource_MISC"], "url": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e"}, {"name": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35", "tags": ["x_refsource_MISC"], "url": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35"}], "affected": [{"vendor": "baptisteArno", "product": "typebot.io", "versions": [{"version": "< 2.24.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T20:18:08.993Z"}, "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue."}], "source": {"advisory": "GHSA-mx2f-9mcr-8j73", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "typebot", "product": "typebot", "cpes": ["cpe:2.3:a:typebot:typebot:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.24.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-05T13:58:18.570417Z", "id": "CVE-2024-30264", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T19:58:14.495Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:32:06.369Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"}, {"name": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e"}, {"name": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30264", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-05T13:58:18.570417Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:typebot:typebot:*:*:*:*:*:wordpress:*:*"], "vendor": "typebot", "product": "typebot", "versions": [{"status": "affected", "version": "0", "lessThan": "2.24.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T19:58:09.730Z"}}], "cna": {"title": "typebot.io: `GHSL-2024-040`", "source": {"advisory": "GHSA-mx2f-9mcr-8j73", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "baptisteArno", "product": "typebot.io", "versions": [{"status": "affected", "version": "< 2.24.0"}]}], "references": [{"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73", "name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e", "name": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35", "name": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-04T20:18:08.993Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30264", "state": "PUBLISHED", "dateUpdated": "2024-07-31T19:58:14.495Z", "dateReserved": "2024-03-26T12:52:00.935Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-04T20:18:08.993Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue."}, {"lang": "es", "value": "Typebot es un creador de chatbots de c\u00f3digo abierto. Un cross-site scripting (XSS) reflejado en la p\u00e1gina de inicio de sesi\u00f3n de typebot.io antes de la versi\u00f3n 2.24.0 puede permitir que un atacante se apodere de la cuenta de un usuario. La p\u00e1gina de inicio de sesi\u00f3n toma el par\u00e1metro `redirectPath` de la URL. Si un usuario hace clic en un enlace donde el par\u00e1metro `redirectPath` tiene un esquema javascript, el atacante que cre\u00f3 el enlace puede ejecutar JavaScript arbitrario con los privilegios del usuario. La versi\u00f3n 2.24.0 contiene un parche para este problema."}], "id": "CVE-2024-30264", "lastModified": "2024-11-21T09:11:34.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-04T21:15:16.380", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35"}, {"source": "security-advisories@github.com", "url": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e"}, {"source": "security-advisories@github.com", "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}