CVE-2024-9141 MEDIUM

CVE-2024-9141: Cross-Site Scripting (XSS) vulnerability in Oct8ne

Vendor Oct8Ne

Product Oct8ne

Weakness CWE-79 · XSS

Published September 24, 2024

Last update September 24, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload.

Key dates

02Disclosure timeline

September 24, 2024 CVE published

September 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9141 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-53463 WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability CVE-2023-45630 WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) CVE-2023-47844 WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) CVE-2022-0864 UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting CVE-2025-25044 IBM Planning Analytics Local cross-site scripting