A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir
of the file js/channel.js. The manipulation leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was published 01/04/2023 as c1a6c44092585da4236237e0e7da94ee2996a0ca. It is possible to read the advisory at github.com.
The identification of this vulnerability is CVE-2016-15008. The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.
The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue.
3 Changes · 72 Data Points