Lucene search

[email protected]CVE-2024-36392

HistoryJun 02, 2024 - 2:15 p.m.

CVE-2024-36392

2024-06-0214:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-36392

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DeviceHub",
    "vendor": "MileSight",
    "versions": [
      {
        "lessThan": "Upgrade to the latest version.",
        "status": "affected",
        "version": "v3.0.1-r1 for Ubuntu 20.04",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-36392

vulnrichment1 nvd1 cvelist1