{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4302", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-04-29T03:23:14.861Z", "datePublished": "2024-04-29T05:46:52.134Z", "dateUpdated": "2024-08-01T20:33:53.106Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "livechat SDK", "vendor": "Super 8", "versions": [{"lessThanOrEqual": "4.5.0", "status": "affected", "version": "earlier", "versionType": "custom"}]}], "datePublic": "2024-04-29T05:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks."}], "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-04-29T05:46:52.134Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.6.0 or later version\uff08Patch has been released on 2024/3/18. Please refreshing the webpage to automatically update it.\uff09"}], "value": "Update to 4.6.0 or later version\uff08Patch has been released on 2024/3/18. Please refreshing the webpage to automatically update it.\uff09"}], "source": {"advisory": "\tTVN-202404013", "discovery": "EXTERNAL"}, "title": "Super 8 livechat SDK - Cross-site Scripting", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4302", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T13:09:20.761927Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:super_8:livechat_SDK:*:*:*:*:*:*:*:*"], "vendor": "super_8", "product": "livechat_SDK", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:55:24.266Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.106Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:53.106Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4302", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T13:09:20.761927Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:super_8:livechat_SDK:*:*:*:*:*:*:*:*"], "vendor": "super_8", "product": "livechat_SDK", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T13:11:47.307Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Super 8 livechat SDK - Cross-site Scripting", "source": {"advisory": "\tTVN-202404013", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Super 8", "product": "livechat SDK", "versions": [{"status": "affected", "version": "earlier", "versionType": "custom", "lessThanOrEqual": "4.5.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 4.6.0 or later version\uff08Patch has been released on 2024/3/18. Please refreshing the webpage to automatically update it.\uff09", "supportingMedia": [{"type": "text/html", "value": "Update to 4.6.0 or later version\uff08Patch has been released on 2024/3/18. Please refreshing the webpage to automatically update it.\uff09", "base64": false}]}], "datePublic": "2024-04-29T05:44:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks.", "supportingMedia": [{"type": "text/html", "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-04-29T05:46:52.134Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4302", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:53.106Z", "dateReserved": "2024-04-29T03:23:14.861Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-04-29T05:46:52.134Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks."}, {"lang": "es", "value": "La plataforma de servicio al cliente en l\u00ednea Super 8 Live Chat no filtra adecuadamente la entrada del usuario, lo que permite a atacantes remotos no autenticados insertar c\u00f3digo JavaScript en el cuadro de chat. Cuando el destinatario del mensaje ve el mensaje, se vuelve susceptible a ataques de cross site scripting (XSS)."}], "id": "CVE-2024-4302", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-04-29T06:15:17.803", "references": [{"source": "[email protected]", "url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/tw/cp-132-7779-35562-1.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}

{}