Skip to main content

Qbibot

3 CVEs product

Monthly

CVE-2024-7204 MEDIUM This Month

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qbibot
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-3778 HIGH This Week

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qbibot
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3777 CRITICAL Act Now

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qbibot
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM This Month

Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qbibot
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qbibot
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qbibot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy