Advisory #70
| Title | XSOverlay remote code execution via WebSocket |
| CVE ID | CVE-2024-23168 |
| Vendor | Xiexe |
| Affected product | XSOverlay |
| Affected versions | < Build 667 |
| Vulnerability type | CWE-1385: Missing Origin Validation in WebSockets |
| Description | XSOverlay had a vulnerability that allowed non-local websites to send the malicious command to the WebSocket API, resulting in the arbitrary code execution |
| Status | Fixed in Build 667 |
| Recommendation | Update to Build 667 or above. |