CVE-2024-7204 MEDIUM

CVE-2024-7204: Ai3 QbiBot - Stored XSS

Vendor Ai3

Product QbiBot

Weakness CWE-79 · XSS

Published August 2, 2024

Last update August 7, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.

Key dates

02Disclosure timeline

August 2, 2024 CVE published

August 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7204 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-43721 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-52484 WordPress Wc Recently viewed products plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-2765 Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-51725 Stored Cross Site Scripting Vulnerability in Skyworth Router CVE-2021-42335 Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS