Cross-Site Scripting Vulnerability in Code-Projects Chat System
CVE-2024-13033

5.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Chat System
Vendor
CVE Published:
30 December 2024

Summary

A cross-site scripting vulnerability exists in the chatroom.php component of the code-projects Chat System, specifically when handling the 'id' argument in admin chat room management functionalities. This security flaw can be exploited remotely, allowing attackers to execute malicious scripts in the context of a user's session. As the vulnerability has been disclosed, affected versions could be liable to real-world attacks, compromising the integrity and safety of user interactions within the chat system.

Affected Version(s)

Chat System 1.0

References

https://vuldb.com/?id.289766
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289766
signaturepermissions-required
https://vuldb.com/?submit.471109
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
.