Lucene search

HackeroneCVE-2024-42020

HistorySep 07, 2024 - 5:15 p.m.

CVE-2024-42020

2024-09-0717:15:14

hackerone

web.nvd.nist.gov

cross-site-scripting vulnerability

reporter widgets

html injection

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.5%

JSON

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.

Affected configurations

Vulners

Node

veeamoneRange≤12.1

VendorProductVersionCPE
veeamone*cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
veeam	one	*	cpe:2.3:a:veeam:one::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Veeam",
    "product": "One",
    "versions": [
      {
        "version": "12.1",
        "status": "affected",
        "lessThanOrEqual": "12.1",
        "versionType": "semver"
      }
    ]
  }
]

References

www.veeam.com/kb4649

Social References

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-42020