CVE-2023-30319

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40	Exploit
https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/	Third Party Advisory
https://github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40	Exploit
https://payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:chatengine_project:chatengine:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-06 16:15

Updated : 2024-11-21 08:00

NVD link : CVE-2023-30319

Mitre link : CVE-2023-30319

CVE.ORG link : CVE-2023-30319

JSON object : View

Products Affected

chatengine_project

chatengine

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

9.6 /10