CVE-2023-2886

Description

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected products

CBOT / Chatbot0 – Core: v4.0.3.4 Panel: v4.0.3.7

References

MISChttps://www.usom.gov.tr/bildirim/tr-23-0293
MISChttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0293