Lucene search
MitreCVE-2024-40500HistoryAug 12, 2024 - 5:15 p.m.
CVE-2024-40500
2024-08-1217:15:17
CWE-79
mitre
web.nvd.nist.gov
25
cve-2024-40500
martin kucej
cross site scripting
i-librarian
arbitrary code execution
search function
import component
CVSS3
8.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
22.3%
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component.
Affected configurations
Node
scilicoi-librarianRange≤5.11.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| scilico | i-librarian | * | cpe:2.3:a:scilico:i-librarian:*:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2024-40500
2024-08-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-40500
2024-08-12 00:00:00
nvd
nvd
CVE-2024-40500
2024-08-12 17:15:17
CVSS3
8.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
22.3%
Related for CVE-2024-40500