CVE-2023-2884
CVE-2023-2884 concerns CBOT Chatbot’s cryptographically weak PRNG and insufficiently random values, enabling signature spoofing by key recreation. Public details indicate affected components: Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability resides in the randomness used for ...
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2883 IDOR in CBOT's Chatbot
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2883
The CVE-2023-2883 issue affects CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7, described as an Authorization Bypass through a User-Controlled Key that enables Authentication Abuse. The vulnerability is documented across sources (NVD entry and CVE records) with a CVSS v3.1 base s...
CVE-2023-2882 Privilege Escalation in CBOT's Chatbot
Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2882
CVE-2023-2882 affects CBOT Chatbot Core before v4.0.3.4 and Panel before v4.0.3.7. The issue is the generation of incorrect security tokens, which allows token impersonation and privilege abuse (privilege escalation). Affected components: Core token generation and Panel handling. Reported impact ...
PT-2023-22000 · Unknown · Cbot Chatbot
Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to the use of a cryptographically weak pseudo-random number generator (PRNG) and insufficiently random values in the...
CBOT Chatbot Security Features Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security features vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from the use of a Cryptographically Weak Pseudo-Random Number Generator (PRNG), which allows signature spoofing...
CBOT Chatbot Security Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from the generation of incorrect security tokens, allowing token emulation, privilege abuse...
PT-2023-21994
Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, allowing for Authentication Abuse and...
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape many of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients using the chatbot. 1. Go to "Settings Language Settings ChatBot Keywords" 2. Enter...
PT-2023-22019 · Unknown · Cbot Chatbot
Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability in CBOT Chatbot, allowing unauthorized access. Recommendation...
CBOT Chatbot Access Control Error Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a lack of origin authentication in WebSockets and allows content spoofing via the application API...
CBOT Chatbot Security Vulnerability
CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a vulnerability that allows token emulation, privilege abuse, and authorization bypass by a user-controlled key...
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape many of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients using the chatbot. PoC 1. Go to "Settings Language Settings ChatBot Keywords" 2...
qubotchat < 1.1.6 - Unauthenticated Stored XSS
The plugin doesn't filter user input in the chat, so malicious code inserted into it is reflected on the user dashboard. PoC 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...
WordPress AI Engine: ChatGPT Chatbot Plugin <= 1.6.82 is vulnerable to Cross Site Scripting (XSS)
Software: AI Engine: ChatGPT Chatbot; Type: Plugin; Vulnerable versions: <= 1.6.82; Fixed in: 1.6.83; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2580; Patch priority: Low; CVSS severity: Low (5.9); PSID: 262a43aa67fb; Credits: Felipe...