13 matches found
CVE-2024-7204
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204 Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack...
CVE-2024-7204
CVE-2024-7204 affects Ai3 QbiBot, where the chat input is not properly filtered. This allows an unauthenticated remote attacker to inject JavaScript into chat messages, which becomes a stored XSS when the recipient views the message. The vulnerability is described as a Stored XSS affecting the ch...
Ai3 QbiBot Cross-Site Scripting Vulnerability
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. Ai3 QbiBot v8.0.9.b1 and prior versions suffer from a cross-site scripting vulnerability that originates from not properly filtering user input, allowing an unauthenticated, remote attacker to insert JavaScript code into...
CVE-2024-3778
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3778 Ai3 QbiBot - Unrestricted File Upload
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3778
CVE-2024-3778 affects Ai3 QbiBot due to an unrestricted file upload weakness. The issue allows remote attackers with administrator privileges to upload files of dangerous types containing malicious code through the file upload functionality. Affected release range is before 8.0.4; upgrading to 8....
CVE-2024-3778 Ai3 QbiBot - Unrestricted File Upload
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code...
CVE-2024-3777
CVE-2024-3777 affects Ai3 QbiBot where the password reset feature has broken access control, allowing unauthenticated remote reset of any user’s password. Public sources indicate the vulnerability exists in Ai3 QbiBot v8.0.4 and earlier. The CVSS‑3.1 base score is 9.8 (CRITICAL) with network acce...
CVE-2024-3777 Ai3 QbiBot - Broken Access Control
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password...
Ai3 QbiBot Code Issue Vulnerability
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. A code issue vulnerability exists in Ai3 QbiBot v8.0.4 and earlier versions, which stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to upload a file containing malicious...
Ai3 QbiBot Access Control Error Vulnerability
Ai3 QbiBot is an intelligent customer service from the Chinese company Ai3. An access control error vulnerability exists in Ai3 QbiBot v8.0.4 and earlier versions, which stems from an access control error vulnerability in the password reset feature. An attacker can exploit this vulnerability to...