Lucene search
GoogleOSV:GO-2024-2721HistoryMay 09, 2024 - 10:01 p.m.
Cross site scripting in github.com/tiagorlampert/CHAOS
2024-05-0922:01:10
Google
osv.dev
9
cross site scripting
github
jwt token
malicious request
software
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.0%
A malicious actor may be able to extract a JWT token via malicious “/command” request. This is a form of cross site scripting (XSS).
Related
cve
cve
CVE-2024-31839
2024-04-12 14:15:07
nvd
nvd
CVE-2024-31839
2024-04-12 14:15:07
osv
osv
tiagorlampert CHAOS vulnerable to Cross Site Scripting
2024-04-12 15:37:21
cvelist
cvelist
CVE-2024-31839
2024-04-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-31839
2024-04-12 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2024-04-15 06:31:09
github
github
tiagorlampert CHAOS vulnerable to Cross Site Scripting
2024-04-12 15:37:21
githubexploit
githubexploit
Exploit for CVE-2024-30850
2024-04-05 21:35:04
zdt
zdt
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
metasploit
metasploit
Chaos RAT XSS to RCE
2024-04-24 20:51:58
packetstorm
packetstorm
CHAOS RAT 5.0.1 Remote Command Execution
2024-04-10 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
2024-05-21 00:00:00
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for OSV:GO-2024-2721