Lucene search

MitreCVE-2024-23997

HistoryJul 05, 2024 - 4:15 p.m.

CVE-2024-23997

2024-07-0516:15:04

CWE-79

mitre

web.nvd.nist.gov

lukas bach yana

cross site scripting

vulnerability

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

37.6%

JSON

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.

Affected configurations

Nvd

Node

lukasbachyanaRange≤1.0.16

VendorProductVersionCPE
lukasbachyana*cpe:2.3:a:lukasbach:yana:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lukasbach	yana	*	cpe:2.3:a:lukasbach:yana::::::::

References

github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23997

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

37.6%

JSON

Related for CVE-2024-23997