Vulnerability
Cross-Site Scripting (XSS) vulnerability in the textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code.
Description
The application does not sanitize or escape the txtMessage parameter, making it vulnerable to stored cross-site scripting (XSS). The payload triggers when a victim visits the login page.
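The following is an added illustration, not ChatEngine's code: it contrasts the pattern behind this class of bug (a stored message concatenated straight into the HTML response) with the fix, output escaping at the point the value is written. The class and method names and the sample message are constructed for the example.

```java
// Added example (not from the ChatEngine project): escaping a stored chat message
// on output so that it is rendered as text rather than interpreted as markup.
public class EscapedMessageRenderer {

    // Encode the five characters that let untrusted text break out of an HTML
    // text node or a double-quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable pattern: the stored message is placed in the markup unchanged,
    // so any tags it contains are interpreted by every browser that loads the page.
    static String renderUnsafe(String storedMessage) {
        return "<div class=\"msg\">" + storedMessage + "</div>";
    }

    // Hardened pattern: same markup, but the untrusted value is escaped on output.
    // In a servlet, also call response.setContentType("text/html; charset=UTF-8")
    // before writing, so the browser does not guess an encoding.
    static String renderSafe(String storedMessage) {
        return "<div class=\"msg\">" + escapeHtml(storedMessage) + "</div>";
    }

    public static void main(String[] args) {
        // Constructed sample message containing markup and quote characters.
        String stored = "<b>hello</b> & \"bye\"";
        System.out.println(renderUnsafe(stored));
        System.out.println(renderSafe(stored));
    }
}
```

Escaping belongs at the output site for the context being written to (here an HTML text node); attribute, JavaScript and URL contexts each need their own encoder.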
CVE-ID
CVE-2023-30321
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal