{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T15:13:48.824","vulnerabilities":[{"cve":{"id":"CVE-2024-30264","sourceIdentifier":"security-advisories@github.com","published":"2024-04-04T21:15:16.380","lastModified":"2026-01-30T14:12:48.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) vulnerability in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redirectPath` parameter uses the `javascript:` scheme, the attacker who crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue."},{"lang":"es","value":"Typebot es un creador de chatbots de código abierto. Un cross-site scripting (XSS) reflejado en la página de inicio de sesión de typebot.io antes de la versión 2.24.0 puede permitir que un atacante se apodere de la cuenta de un usuario. La página de inicio de sesión toma el parámetro `redirectPath` de la URL. Si un usuario hace clic en un enlace donde el parámetro `redirectPath` tiene un esquema javascript, el atacante que creó el enlace puede ejecutar JavaScript arbitrario con los privilegios del usuario. 
La versión 2.24.0 contiene un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:typebot:typebot:*:*:*:*:*:-:*:*","versionEndExcluding":"2.24.0","matchCriteriaId":"7B7CC1DB-A840-4C66-9746-1CDD47291391"}]}]}],"references":[{"url":"https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73","source":"security-advisories@github.com","tags":["Exploit","Vendor 
Advisory"]},{"url":"https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}