Lucene search
MitreCVE-2024-44837HistorySep 06, 2024 - 2:15 p.m.
CVE-2024-44837
2024-09-0614:15:12
CWE-79
mitre
web.nvd.nist.gov
28
cross-site scripting
drug v1.0
manager.java
crafted payload
user parameter
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0
Percentile
14.7%
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.
Affected configurations
Node
deathbreakdrugMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| deathbreak | drug | 1.0 | cpe:2.3:a:deathbreak:drug:1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-44837
2024-09-06 00:00:00
vulnrichment
vulnrichment
CVE-2024-44837
2024-09-06 00:00:00
nvd
nvd
CVE-2024-44837
2024-09-06 14:15:12
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0
Percentile
14.7%
Related for CVE-2024-44837