oxguy3 coebot-www js/channel.js cross site scripting

A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The CWE definition for the vulnerability is CWE-79. The weakness was published 01/04/2023 as c1a6c44092585da4236237e0e7da94ee2996a0ca. It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2016-15008. The attack may be initiated remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue.

3 Changes · 72 Data Points

FieldCreated
01/04/2023 10:37 AM
Update 1/2
01/28/2023 07:53 AM
Update 2/2
01/28/2023 07:59 AM
software_vendoroxguy3oxguy3oxguy3
software_namecoebot-wwwcoebot-wwwcoebot-www
software_filejs/channel.jsjs/channel.jsjs/channel.js
software_functiondisplayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoirdisplayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoirdisplayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir
vulnerability_cweCWE-79 (cross site scripting)CWE-79 (cross site scripting)CWE-79 (cross site scripting)
vulnerability_risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
advisory_identifierc1a6c44092585da4236237e0e7da94ee2996a0cac1a6c44092585da4236237e0e7da94ee2996a0cac1a6c44092585da4236237e0e7da94ee2996a0ca
advisory_urlhttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0cahttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0cahttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0ca
countermeasure_namePatchPatchPatch
patch_namec1a6c44092585da4236237e0e7da94ee2996a0cac1a6c44092585da4236237e0e7da94ee2996a0cac1a6c44092585da4236237e0e7da94ee2996a0ca
countermeasure_patch_urlhttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0cahttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0cahttps://github.com/oxguy3/coebot-www/commit/c1a6c44092585da4236237e0e7da94ee2996a0ca
countermeasure_advisoryquotefixed XSS injection vulns on channel.phpfixed XSS injection vulns on channel.phpfixed XSS injection vulns on channel.php
source_cveCVE-2016-15008CVE-2016-15008CVE-2016-15008
cna_responsibleVulDBVulDBVulDB
advisory_date1672786800 (01/04/2023)1672786800 (01/04/2023)1672786800 (01/04/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.53.53.5
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.43.43.4
cvss3_meta_basescore3.53.54.4
cvss3_meta_tempscore3.43.44.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1672786800 (01/04/2023)1672786800 (01/04/2023)
cve_nvd_summaryA vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355.A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iL
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore4.0
cvss3_nvd_basescore6.1
cvss3_cna_basescore3.5

Want to stay up to date on a daily basis?

Enable the mail alert feature now!