Cross-Site Scripting (XSS) vulnerability in Oct8ne

Posted date 24/09/2024
Importance
3 - Medium
Affected Resources

All versions of Oct8ne.

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Oct8ne, a chat platform with virtual support for e-commerce. The vulnerability was discovered by Raquel Gálvez Farfán of Hispasec.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-9141: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79 
     
Solution

The vulnerability has been resolved in the latest version of the application.

Detail

CVE-2024-9141: Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed malicious JavaScript code in the body of a chat message. The injection occurs when the chat content is intercepted and altered, and it leads to execution of the JavaScript payload.
