Cross Site Scripting Vulnerability in AIML Chatbot by Vendor XYZ
CVE-2024-48396

Currently unrated

Key Information:

Vendor: Vendor XYZ
Status: AIML Chatbot
Vendor: CVE Published:; 25 October 2024

What is CVE-2024-48396?

The AIML Chatbot 1.0 is susceptible to a Cross Site Scripting vulnerability that arises from improper handling of user input within the message input field. Attackers can exploit this flaw to inject harmful HTML or JavaScript, leading to the execution of malicious scripts on the clients' browsers. As the chatbot does not properly sanitize user inputs, it opens a pathway for potential data theft, session hijacking, or the spread of malware.

References

https://jacobmasse.medium.com/reflected-xss-in-popular-ai...

https://github.com/sohelamin/chatbot

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 8, 2024