go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Ai3 QbiBot - Stored XSS

TVN ID TVN-202407019
CVE ID CVE-2024-7204
CVSS 6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products QbiBot version v8.0.9.b1 and earlier
Description Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.
Solution Update to version 8.0.9.02 or later, or install the patch.
Credit shnien(Baohwa Trust)
Public Date 2024-07-31
Top