Lucene search

[email protected]CVE-2024-24041

HistoryFeb 01, 2024 - 8:50 p.m.

CVE-2024-24041

2024-02-0120:50:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-24041

cross-site scripting

xss

php

mysql

web security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.

Affected configurations

NVD

Node

remyandradetravel_journal_using_php_and_mysql_with_source_codeMatch1.0

CPENameOperatorVersion
remyandrade:travel_journal_using_php_and_mysql_with_source_coderemyandrade travel journal using php and mysql with source codeeq1.0

CPE	Name	Operator	Version
remyandrade:travel_journal_using_php_and_mysql_with_source_code	remyandrade travel journal using php and mysql with source code	eq	1.0

References

github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md

portswigger.net/web-security/cross-site-scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2024-24041

prion1 cvelist1 nvd1