Vulnerability
Cross-site scripting (XSS) vulnerability in the username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine allows attackers to execute arbitrary code.
Description
The application does not sanitize or escape the username parameter, making it vulnerable to reflected cross-site scripting (XSS) attacks when a victim opens a malicious URL sent by an attacker.
CVE-ID
CVE-2023-30319
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal