{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7204", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-07-29T04:10:59.597Z", "datePublished": "2024-08-02T10:31:38.785Z", "dateUpdated": "2024-08-07T16:14:18.960Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QbiBot", "vendor": "Ai3", "versions": [{"lessThanOrEqual": "v8.0.9.b1", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-08-02T10:28:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td>Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.</td></tr></tbody></table>"}], "value": "Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-08-02T10:31:38.785Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html"}, {"tags": ["vendor-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to version 8.0.9.02 or later, or install the patch.</span>\n\n<br>"}], "value": "Update to version 8.0.9.02 or later, or install the patch."}], "source": {"advisory": "TVN-202407019", "discovery": "EXTERNAL"}, "title": "Ai3 QbiBot - Stored XSS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T16:13:58.358101Z", "id": "CVE-2024-7204", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T16:14:18.960Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7204", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-07T16:13:58.358101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T16:14:11.679Z"}}], "cna": {"title": "Ai3 QbiBot - Stored XSS", "source": {"advisory": "TVN-202407019", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ai3", "product": "QbiBot", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v8.0.9.b1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to version 8.0.9.02 or later, or install the patch.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to version 8.0.9.02 or later, or install the patch.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-08-02T10:28:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html", "tags": ["vendor-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.</td></tr></tbody></table>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-08-02T10:31:38.785Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7204", "state": "PUBLISHED", "dateUpdated": "2024-08-07T16:14:18.960Z", "dateReserved": "2024-07-29T04:10:59.597Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-08-02T10:31:38.785Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ai3:qbibot:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE6979F4-E9CA-4E96-968B-70B3C126D4CA", "versionEndExcluding": "8.0.9.02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack."}, {"lang": "es", "value": " Ai3 QbiBot no filtra adecuadamente la entrada del usuario, lo que permite a atacantes remotos no autenticados insertar c\u00f3digo JavaScript en el cuadro de chat. Una vez que el destinatario vea el mensaje, estar\u00e1 sujeto a un ataque de XSS almacenado."}], "id": "CVE-2024-7204", "lastModified": "2024-09-11T14:23:45.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-08-02T11:16:43.987", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}