PT-2024-29900 · Cefsharp+1

Ry0Tak · Published 2024-08-08 · Updated 2024-08-29 · CVE-2024-42366

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VRCX versions prior to 2024.03.23

Description

The issue affects VRCX, an assistant/companion application for VRChat. An over-permissioned CefSharp browser and a cross-site scripting flaw in overlay notifications can be combined to achieve remote command execution.

Recommendations

For versions prior to 2024.03.23, update the installation to VRCX 2023.12.24 or later to continue using VRCX, as older versions have been blocked on the VRC's API side.

Exploit · Fix · Improper Privilege Management · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-42366
GHSA-J98G-MGJM-WQPH

Affected Products

Cefsharp
Vrcx