17 matches found
CVE-2025-9639
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-9639
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
Ai3 QbiCRMGateway 安全漏洞
Ai3 QbiCRMGateway is a customer relationship management gateway product from Ai3. A security vulnerability exists in QbiCRMGateway that stems from susceptibility to a relative path traversal attack that could result in the download of arbitrary system files...
CVE-2024-7204
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204
CVE-2024-7204 affects Ai3 QbiBot, where the chat input is not properly filtered. This allows an unauthenticated remote attacker to inject JavaScript into chat messages, which becomes a stored XSS when the recipient views the message. The vulnerability is described as a Stored XSS affecting the ch...
Ai3 QbiBot 跨站脚本漏洞
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. Ai3 QbiBot v8.0.9.b1 and prior versions suffer from a cross-site scripting vulnerability that originates from not properly filtering user input, allowing an unauthenticated, remote attacker to insert JavaScript code into...
CVE-2024-3778
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3778 Ai3 QbiBot - Unrestricted File Upload
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3778
CVE-2024-3778 affects Ai3 QbiBot due to an unrestricted file upload weakness. The issue allows remote attackers with administrator privileges to upload files of dangerous types containing malicious code through the file upload functionality. Affected release range is before 8.0.4; upgrading to 8....
CVE-2024-3778 Ai3 QbiBot - Unrestricted File Upload
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3777
CVE-2024-3777 affects Ai3 QbiBot where the password reset feature has broken access control, allowing unauthenticated remote reset of any user’s password. Public sources indicate the vulnerability exists in Ai3 QbiBot v8.0.4 and earlier. The CVSS‑3.1 base score is 9.8 (CRITICAL) with network acce...
CVE-2024-3777 Ai3 QbiBot - Broken Access Control
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password...
Ai3 QbiBot 代码问题漏洞
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. A code issue vulnerability exists in Ai3 QbiBot v8.0.4 and earlier versions, which stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to upload a file containing malicious...
Ai3 QbiBot 访问控制错误漏洞
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. An access control error vulnerability exists in Ai3 QbiBot v8.0.4 and earlier versions, which stems from an access control error vulnerability in the password reset feature. An attacker can exploit this vulnerability to...
ai3.uni-bayreuth.de Cross Site Scripting vulnerability OBB-2374880
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...