AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts.
History

Wed, 30 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Sohelamin
Sohelamin chatbot
Weaknesses CWE-79
CPEs cpe:2.3:a:sohelamin:chatbot:1.0:*:*:*:*:*:*:*
Vendors & Products Sohelamin
Sohelamin chatbot
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 25 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
Description AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-25T00:00:00

Updated: 2024-10-30T19:15:37.333Z

Reserved: 2024-10-08T00:00:00

Link: CVE-2024-48396

Vulnrichment

Updated: 2024-10-30T19:15:32.819Z

NVD

Status: Awaiting Analysis

Published: 2024-10-25T21:15:04.300

Modified: 2024-10-30T20:35:31.167

Link: CVE-2024-48396

Redhat

No data.