Lucene search

[email protected]CVE-2024-28112

HistoryMar 12, 2024 - 8:15 p.m.

CVE-2024-28112

2024-03-1220:15:07

CWE-79

[email protected]

web.nvd.nist.gov

peering manager

bgp

session

management

xss

vulnerability

upgrade

security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

Node

peering-managerpeering_managerRange<1.8.3

CNA Affected

[
  {
    "vendor": "peering-manager",
    "product": "peering-manager",
    "versions": [
      {
        "version": "< 1.8.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5-24pq-rq2w

owasp.org/www-community/attacks/xss

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-28112

prion1 nvd1 cvelist1