Vulnerability
Cross Site Scripting (XSS) vulnerability in username field in chatbox functionality in ChatEngine 1.0
Description
The Application does not sanitize or escape username parameter, making it vulnerable to reflected cross-site scripting attacks (XSS) when a victim opens the malicious url sent by an attacker.
CVE-ID
CVE-2023-30326
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal