CVE-2024-23168

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23168

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

V

ulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.

References
Link Resource
https://github.com/Xiexe/XSOverlay-Issue-Tracker
https://store.steampowered.com/news/app/1173510?emclan=103582791465938574&emgid=7792991106417394332
https://vuln.ryotak.net/advisories/70
Configurations

No configuration.

History

19 Aug 2024, 13:00

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-15 19:15

Updated : 2024-08-19 13:00

NVD link : CVE-2024-23168

Mitre link : CVE-2024-23168

CVE.ORG link : CVE-2024-23168

JSON object : View

Products Affected

No product.

CWE
CWE-1385

Missing Origin Validation in WebSockets