5.4
CVE-2024-9007
- EPSS 0.96%
- Veröffentlicht 19.09.2024 23:15:12
- Zuletzt bearbeitet 25.09.2024 18:40:31
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginjeanmarc77 123solar detailed.php cross site scripting
A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f. It is recommended to apply a patch to fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jeanmarc77 ≫ 123solar Version1.8.4.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.96% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/jeanmarc77/123solar/commit/94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f
https://github.com/jeanmarc77/123solar/issues/73
https://github.com/jeanmarc77/123solar/issues/73#issuecomment-2357648077
https://vuldb.com/?ctiid.278163
https://vuldb.com/?id.278163
https://vuldb.com/?submit.408299