Vulnerability
Cross Site Scripting (XSS) in username field in chatWindow functionality in ChatEngine 1.0
Description
The application does not sanitize or escape the username parameter, making it vulnerable to stored cross-site scripting (XSS) attacks. The payload triggers when a victim visits the chatwindow page.
CVE-ID
CVE-2023-30322
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal