Cross-Site Scripting Vulnerability in Code-Projects Chat System 1.0
CVE-2024-13019

5.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Chat System
Vendor
CVE Published:
29 December 2024

Summary

A cross-site scripting (XSS) vulnerability has been identified in the Chat System 1.0 by Code-Projects. The flaw resides in the update_room.php component, specifically an unprotected function that processes the 'name' argument. Attackers can exploit this weakness to execute malicious scripts in the context of the user's browser, potentially leading to unauthorized actions or data exposure. Given that this vulnerability can be executed remotely, it poses a significant risk to users of the affected product, emphasizing the need for timely updates and security best practices.

Affected Version(s)

Chat System 1.0

References

https://vuldb.com/?id.289710
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289710
signaturepermissions-required
https://vuldb.com/?submit.470599
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.
CVE-2024-13019 : Cross-Site Scripting Vulnerability in Code-Projects Chat System 1.0 | SecurityVulnerability.io