Lucene search

INCDCVE-2024-41697

HistoryAug 20, 2024 - 12:15 p.m.

CVE-2024-41697

2024-08-2012:15:05

CWE-80

CWE-79

INCD

web.nvd.nist.gov

2024

security vulnerability

cwe-80

improper neutralization

script-related html tags

web page

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Affected configurations

Nvd

Node

priority-softwarepriorityRange<24.0

VendorProductVersionCPE
priority-softwarepriority*cpe:2.3:a:priority-software:priority:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
priority-software	priority	*	cpe:2.3:a:priority-software:priority::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Priority",
    "vendor": "Priority",
    "versions": [
      {
        "lessThan": "Upgrade to version 24.0 or later",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for CVE-2024-41697