CVE-2024-30264
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-30264
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30264.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-30264
- Aliases
-
- GHSA-mx2f-9mcr-8j73
- Published
- 2024-04-04T20:18:08.993Z
- Modified
- 2025-12-05T04:18:26.765130Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- typebot.io: `GHSL-2024-040`
- Details
-
Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the
redirectPathparameter from the URL. If a user clicks on a link where theredirectPathparameter has a javascript scheme, the attacker that crafted the link may be able to execute arbitrary JavaScript with the privileges of the user. Version 2.24.0 contains a patch for this issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30264.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/30xxx/CVE-2024-30264.json
- https://github.com/baptisteArno/typebot.io/blob/v2.23.0/apps/builder/src/features/auth/components/SignInForm.tsx#L35
- https://github.com/baptisteArno/typebot.io/commit/d0be29e25732c410b561cbc3c5607c3c1d4b6c8e
- https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-mx2f-9mcr-8j73
- https://nvd.nist.gov/vuln/detail/CVE-2024-30264
Affected packages
Git / github.com/baptistearno/typebot.io
Affected ranges
- Type
- GIT
- Repo
- https://github.com/baptistearno/typebot.io
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
js-lib-v2.*
js-lib-v2.1.4
js-lib-v2.2.0
js-lib-v2.2.1
js-lib-v2.2.10
js-lib-v2.2.11
js-lib-v2.2.12
js-lib-v2.2.13
js-lib-v2.2.15
js-lib-v2.2.16
js-lib-v2.2.17
js-lib-v2.2.2
js-lib-v2.2.3
js-lib-v2.2.4
js-lib-v2.2.5
js-lib-v2.2.6
js-lib-v2.2.7
js-lib-v2.2.8
js-lib-v2.2.9
js-v0.*
js-v0.0.1
js-v0.0.10
js-v0.0.11
js-v0.0.12
js-v0.0.13
js-v0.0.14
js-v0.0.15
js-v0.0.16
js-v0.0.17
js-v0.0.18
js-v0.0.19
js-v0.0.2
js-v0.0.20
js-v0.0.21
js-v0.0.22
js-v0.0.23
js-v0.0.24
js-v0.0.25
js-v0.0.26
js-v0.0.27
js-v0.0.28
js-v0.0.29
js-v0.0.3
js-v0.0.30
js-v0.0.31
js-v0.0.32
js-v0.0.33
js-v0.0.34
js-v0.0.35
js-v0.0.36
js-v0.0.37
js-v0.0.38
js-v0.0.39
js-v0.0.4
js-v0.0.40
js-v0.0.41
js-v0.0.42
js-v0.0.43
js-v0.0.44
js-v0.0.45
js-v0.0.47
js-v0.0.48
js-v0.0.49
js-v0.0.5
js-v0.0.50
js-v0.0.51
js-v0.0.52
js-v0.0.53
js-v0.0.54
js-v0.0.55
js-v0.0.56
js-v0.0.57
js-v0.0.59
js-v0.0.6
js-v0.0.60
js-v0.0.61
js-v0.0.62
js-v0.0.63
js-v0.0.64
js-v0.0.66
js-v0.0.67
js-v0.0.68
js-v0.0.69
js-v0.0.7
js-v0.0.70
js-v0.0.71
js-v0.0.72
js-v0.0.73
js-v0.0.74
js-v0.0.75
js-v0.0.76
js-v0.0.77
js-v0.0.78
js-v0.0.79
js-v0.0.8
js-v0.0.80
js-v0.0.9
js-v0.1.0
js-v0.1.1
js-v0.1.10
js-v0.1.11
js-v0.1.12
js-v0.1.13
js-v0.1.14
js-v0.1.15
js-v0.1.16
js-v0.1.17
js-v0.1.18
js-v0.1.2
js-v0.1.20
js-v0.1.21
js-v0.1.23
js-v0.1.24
js-v0.1.25
js-v0.1.26
js-v0.1.27
js-v0.1.29
js-v0.1.3
js-v0.1.30
js-v0.1.31
js-v0.1.32
js-v0.1.33
js-v0.1.34
js-v0.1.4
js-v0.1.5
js-v0.1.6
js-v0.1.7
js-v0.1.8
js-v0.2.0
js-v0.2.1
js-v0.2.10
js-v0.2.11
js-v0.2.12
js-v0.2.14
js-v0.2.15
js-v0.2.16
js-v0.2.17
js-v0.2.19
js-v0.2.2
js-v0.2.20
js-v0.2.21
js-v0.2.22
js-v0.2.23
js-v0.2.24
js-v0.2.25
js-v0.2.26
js-v0.2.27
js-v0.2.28
js-v0.2.29
js-v0.2.3
js-v0.2.30
js-v0.2.31
js-v0.2.32
js-v0.2.33
js-v0.2.34
js-v0.2.35
js-v0.2.38
js-v0.2.39
js-v0.2.4
js-v0.2.40
js-v0.2.41
js-v0.2.42
js-v0.2.43
js-v0.2.44
js-v0.2.45
js-v0.2.46
js-v0.2.47
js-v0.2.48
js-v0.2.49
js-v0.2.5
js-v0.2.50
js-v0.2.51
js-v0.2.52
js-v0.2.53
js-v0.2.54
js-v0.2.55
js-v0.2.56
js-v0.2.57
js-v0.2.58
js-v0.2.59
js-v0.2.6
js-v0.2.60
js-v0.2.7
js-v0.2.8
js-v0.2.9
nextjs-v0.*
nextjs-v0.1.0
nextjs-v0.1.10
nextjs-v0.1.11
nextjs-v0.1.12
nextjs-v0.1.13
nextjs-v0.1.14
nextjs-v0.1.15
nextjs-v0.1.16
nextjs-v0.1.17
nextjs-v0.1.18
nextjs-v0.1.2
nextjs-v0.1.20
nextjs-v0.1.21
nextjs-v0.1.23
nextjs-v0.1.24
nextjs-v0.1.25
nextjs-v0.1.26
nextjs-v0.1.27
nextjs-v0.1.29
nextjs-v0.1.3
nextjs-v0.1.30
nextjs-v0.1.31
nextjs-v0.1.32
nextjs-v0.1.33
nextjs-v0.1.34
nextjs-v0.1.4
nextjs-v0.1.5
nextjs-v0.1.6
nextjs-v0.1.7
nextjs-v0.1.8
nextjs-v0.2.0
nextjs-v0.2.1
nextjs-v0.2.10
nextjs-v0.2.11
nextjs-v0.2.12
nextjs-v0.2.14
nextjs-v0.2.15
nextjs-v0.2.16
nextjs-v0.2.17
nextjs-v0.2.19
nextjs-v0.2.2
nextjs-v0.2.20
nextjs-v0.2.21
nextjs-v0.2.22
nextjs-v0.2.23
nextjs-v0.2.24
nextjs-v0.2.25
nextjs-v0.2.26
nextjs-v0.2.27
nextjs-v0.2.28
nextjs-v0.2.29
nextjs-v0.2.3
nextjs-v0.2.30
nextjs-v0.2.31
nextjs-v0.2.33
nextjs-v0.2.34
nextjs-v0.2.35
nextjs-v0.2.38
nextjs-v0.2.39
nextjs-v0.2.4
nextjs-v0.2.40
nextjs-v0.2.41
nextjs-v0.2.42
nextjs-v0.2.43
nextjs-v0.2.44
nextjs-v0.2.45
nextjs-v0.2.46
nextjs-v0.2.47
nextjs-v0.2.48
nextjs-v0.2.49
nextjs-v0.2.5
nextjs-v0.2.50
nextjs-v0.2.51
nextjs-v0.2.52
nextjs-v0.2.53
nextjs-v0.2.54
nextjs-v0.2.55
nextjs-v0.2.56
nextjs-v0.2.57
nextjs-v0.2.58
nextjs-v0.2.59
nextjs-v0.2.6
nextjs-v0.2.60
nextjs-v0.2.7
nextjs-v0.2.8
nextjs-v0.2.9
react-v0.*
react-v0.0.1
react-v0.0.10
react-v0.0.11
react-v0.0.12
react-v0.0.13
react-v0.0.14
react-v0.0.15
react-v0.0.16
react-v0.0.17
react-v0.0.18
react-v0.0.19
react-v0.0.2
react-v0.0.20
react-v0.0.21
react-v0.0.22
react-v0.0.23
react-v0.0.24
react-v0.0.25
react-v0.0.26
react-v0.0.27
react-v0.0.28
react-v0.0.29
react-v0.0.3
react-v0.0.30
react-v0.0.31
react-v0.0.32
react-v0.0.33
react-v0.0.34
react-v0.0.35
react-v0.0.36
react-v0.0.37
react-v0.0.38
react-v0.0.39
react-v0.0.4
react-v0.0.40
react-v0.0.41
react-v0.0.42
react-v0.0.43
react-v0.0.44
react-v0.0.45
react-v0.0.47
react-v0.0.48
react-v0.0.49
react-v0.0.5
react-v0.0.50
react-v0.0.51
react-v0.0.52
react-v0.0.53
react-v0.0.54
react-v0.0.55
react-v0.0.56
react-v0.0.57
react-v0.0.59
react-v0.0.6
react-v0.0.60
react-v0.0.61
react-v0.0.62
react-v0.0.63
react-v0.0.64
react-v0.0.66
react-v0.0.67
react-v0.0.68
react-v0.0.69
react-v0.0.7
react-v0.0.70
react-v0.0.71
react-v0.0.72
react-v0.0.73
react-v0.0.74
react-v0.0.75
react-v0.0.76
react-v0.0.77
react-v0.0.78
react-v0.0.79
react-v0.0.8
react-v0.0.80
react-v0.0.9
react-v0.1.0
react-v0.1.1
react-v0.1.10
react-v0.1.11
react-v0.1.12
react-v0.1.13
react-v0.1.14
react-v0.1.15
react-v0.1.16
react-v0.1.17
react-v0.1.18
react-v0.1.2
react-v0.1.20
react-v0.1.21
react-v0.1.23
react-v0.1.24
react-v0.1.25
react-v0.1.26
react-v0.1.27
react-v0.1.29
react-v0.1.3
react-v0.1.30
react-v0.1.31
react-v0.1.32
react-v0.1.33
react-v0.1.34
react-v0.1.4
react-v0.1.5
react-v0.1.6
react-v0.1.7
react-v0.1.8
react-v0.2.0
react-v0.2.1
react-v0.2.10
react-v0.2.11
react-v0.2.12
react-v0.2.14
react-v0.2.15
react-v0.2.16
react-v0.2.17
react-v0.2.19
react-v0.2.2
react-v0.2.20
react-v0.2.21
react-v0.2.22
react-v0.2.23
react-v0.2.24
react-v0.2.25
react-v0.2.26
react-v0.2.27
react-v0.2.28
react-v0.2.29
react-v0.2.3
react-v0.2.30
react-v0.2.31
react-v0.2.32
react-v0.2.33
react-v0.2.34
react-v0.2.35
react-v0.2.38
react-v0.2.39
react-v0.2.4
react-v0.2.40
react-v0.2.41
react-v0.2.42
react-v0.2.43
react-v0.2.44
react-v0.2.45
react-v0.2.46
react-v0.2.47
react-v0.2.48
react-v0.2.49
react-v0.2.5
react-v0.2.50
react-v0.2.51
react-v0.2.52
react-v0.2.53
react-v0.2.54
react-v0.2.55
react-v0.2.56
react-v0.2.57
react-v0.2.58
react-v0.2.59
react-v0.2.6
react-v0.2.60
react-v0.2.7
react-v0.2.8
react-v0.2.9
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.11.4
v2.11.5
v2.11.6
v2.11.7
v2.11.8
v2.11.9
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.14.0
v2.14.1
v2.15.0
v2.15.1
v2.15.2
v2.16.0
v2.17.0
v2.17.1
v2.17.2
v2.18.0
v2.18.1
v2.18.2
v2.18.3
v2.18.4
v2.19.0
v2.19.1
v2.2.0
v2.2.1
v2.2.9
v2.20.0
v2.21.0
v2.21.1
v2.21.2
v2.21.3
v2.22.0
v2.23.0
v2.3.0
v2.4.0
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.3
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4