{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7204","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2024-07-29T04:10:59.597Z","datePublished":"2024-08-02T10:31:38.785Z","dateUpdated":"2024-08-07T16:14:18.960Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QbiBot","vendor":"Ai3","versions":[{"lessThanOrEqual":"v8.0.9.b1","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2024-08-02T10:28:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<table><tbody><tr><td>Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.</td></tr></tbody></table>"}],"value":"Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack."}],"impacts":[{"capecId":"CAPEC-592","descriptions":[{"lang":"en","value":"CAPEC-592 Stored XSS"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2024-08-02T10:31:38.785Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.twcert.org.tw/tw/cp-132-7969-7827e-1.html"},{"tags":["vendor-advisory"],"url":"https://www.twcert.org.tw/en/cp-139-7975-3e810-2.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Update to version 8.0.9.02 or later, or install the patch.</span>\n\n<br>"}],"value":"Update to version 8.0.9.02 or later, or install the patch."}],"source":{"advisory":"TVN-202407019","discovery":"EXTERNAL"},"title":"Ai3 QbiBot - Stored XSS","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-07T16:13:58.358101Z","id":"CVE-2024-7204","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-07T16:14:18.960Z"}}]}}