Lucene search

VulDBCVELIST:CVE-2024-1257

HistoryFeb 06, 2024 - 8:00 p.m.

CVE-2024-1257 Jspxcms find_text.do cross site scripting

2024-02-0620:00:06

CWE-79

VulDB

www.cve.org

jspxcms 10.2.0

cross site scripting

find text manipulation

remote attack

vdb-252996

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.6%

JSON

A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Jspxcms",
    "versions": [
      {
        "version": "10.2.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/sweatxi/BugHub/blob/main/find_text_do.pdf

vuldb.com/?ctiid.252996

vuldb.com/?id.252996

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.6%

JSON

Related for CVELIST:CVE-2024-1257