Lucene search

MitreCVE-2024-41350

HistoryAug 29, 2024 - 8:15 p.m.

CVE-2024-41350

2024-08-2920:15:08

CWE-79

mitre

web.nvd.nist.gov

bjyadmin

xss

public/statics/umeditor1_2_3/php/imageup.php

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php

Affected configurations

Nvd

Node

baijunyaobjyadminMatch2017-09-07

VendorProductVersionCPE
baijunyaobjyadmin2017-09-07cpe:2.3:a:baijunyao:bjyadmin:2017-09-07:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baijunyao	bjyadmin	2017-09-07	cpe:2.3:a:baijunyao:bjyadmin:2017-09-07:::::::*

References

github.com/baijunyao/thinkphp-bjyadmin

github.com/xjzzzxx/vulFound/blob/main/bjyadmin/xss2.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-41350