CVE-2023-30319

2023-07-0600:00:00

mitre

www.cve.org

cross site scripting

username field

chatengine

arbitrary code

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.

References

github.com/wliang6/ChatEngine/blame/fded8e710ad59f816867ad47d7fc4862f6502f3e/src/chatbotapp/LoginServlet.java#L30:L40

payatu.com/advisory/cross-site-scripting-xxs-vulnerability-in-wliang6-chatengine/