RSS   Vulnerabilities for 'Qb smart service robot'   RSS

2021-12-20
 
CVE-2021-44162

CWE-22
 

 
Chain Sea ai chatbot system�??s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.

 
 
CVE-2021-44163

CWE-79
 

 
Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.

 
 
CVE-2021-44164

CWE-434
 

 
Chain Sea ai chatbot system�??s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.

 


Copyright 2024, cxsecurity.com

 

Back to Top