CVE-2024-48396

MEDIUM

AIML Chatbot 1.0 - Cross-Site Scripting via Message Input Field

Title source: llm
STIX 2.1

Description

AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts.

Scores

CVSS v3 6.1
EPSS 0.0031
EPSS Percentile 23.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Oct 25, 2024
Tracked Since Feb 18, 2026