CVE-2024-4975

LOW

Simple Chat System 1.0 - XSS

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264539.

References (4)

[Exploit, Third Party Advisory] https://github.com/BurakSevben/CVEs/blob/main/Simple%20Chat%20App/Simple%20Chat%20App%20-%20Cross-Site-Scripting-2.md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.264539

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.264539

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.335206

Scores

CVSS v3 3.5

EPSS 0.0012

EPSS Percentile 30.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

code-projects/simple_chat_system

Timeline

Published May 16, 2024

Tracked Since Feb 18, 2026