CVE-2024-13019

LOW

code-projects Chat System 1.0 - XSS

Title source: llm

Description

A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.

References (5)

[Product] https://code-projects.org/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.289710

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.289710

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.470599

[Product] https://code-projects.org/chat-system-using-php-source-code/

Scores

CVSS v3 3.5

EPSS 0.0013

EPSS Percentile 32.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-94 CWE-79

Status published

Affected Products (1)

code-projects/chat_system

Timeline

Published Dec 29, 2024

Tracked Since Feb 18, 2026