Products
Xiexe XSOverlay
- before build 647
Source
cve@mitre.org
Tags
CVE-2024-23168 details
Published : Aug. 15, 2024, 7:15 p.m.
Last Modified : Aug. 15, 2024, 9:35 p.m.
Last Modified : Aug. 15, 2024, 9:35 p.m.
Description
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.8 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1385 | Missing Origin Validation in WebSockets | The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Exploitability Score
3.9
Impact Score
5.9
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://github.com/Xiexe/XSOverlay-Issue-Tracker | cve@mitre.org |
https://store.steampowered.com/news/app/1173510?emclan=103582791465938574&emgid=7792991106417394332 | cve@mitre.org |
https://vuln.ryotak.net/advisories/70 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.