CVE-2024-48396

medium

Description

AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts.

References

https://jacobmasse.medium.com/reflected-xss-in-popular-ai-chatbot-application-79de74ea0cc8

https://github.com/sohelamin/chatbot

Details

Source: Mitre, NVD

Published: 2024-10-25

Updated: 2024-10-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N