6.1
CVE-2024-38318
- EPSS 0.04%
- Published 05.02.2025 23:15:09
- Last modified 07.03.2025 19:37:23
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Aspera Shares Version >= 1.9.0 < 1.10.0
Ibm ≫ Aspera Shares Version1.10.0 Update-
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level1
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level2
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level3
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level4
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level5
Ibm ≫ Aspera Shares Version1.10.0 Updatepatch_level6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.117 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@us.ibm.com | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.