PT-2024-19694 · Xiexe · Xiexe Xsoverlay
Ryotak · Published 2024-08-15 · Updated 2024-08-19 · CVE-2024-23168
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xiexe XSOverlay versions prior to build 647
Description
The issue allows non-local websites to send malicious commands to the WebSocket API, resulting in arbitrary code execution.
Recommendations
For versions prior to build 647, update to build 647 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebSocket API until a patch is available.
Affected Products
Xiexe Xsoverlay