CVE-2024-6526

Exploit

EPSS 0.52%
Veröffentlicht 05.07.2024 14:15:03
Zuletzt bearbeitet 21.11.2024 09:49:48
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ecommerce-codeigniter-bootstrap Project ≫ Ecommerce-codeigniter-bootstrap Version < 2024-07-03

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.399

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/1b3da45308bb6c3f55247d0e99620b600bd85277

Patch

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263

Exploit

Issue Tracking

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443

Exploit

Issue Tracking

https://vuldb.com/?ctiid.270369

VDB Entry

Permissions Required

https://vuldb.com/?id.270369

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.368472

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-6526

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6526

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6526

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6526