Lucene search

[email protected]CVE-2024-21732

HistoryJan 01, 2024 - 8:15 a.m.

CVE-2024-21732

2024-01-0108:15:36

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-21732

flycms

abbaa5a

xss

permission management

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

FlyCms through abbaa5a allows XSS via the permission management feature.

Affected configurations

NVD

Node

flycms_projectflycmsRange≤2019-12-20

CPENameOperatorVersion
flycms_project:flycmsflycms project flycmsle2019-12-20

CPE	Name	Operator	Version
flycms_project:flycms	flycms project flycms	le	2019-12-20

References

github.com/Ghostfox2003/cms/blob/main/1.md

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2024-21732

prion1 cvelist1 nvd1