Lucene search

INCIBECVELIST:CVE-2024-1304

HistoryMar 12, 2024 - 3:31 p.m.

CVE-2024-1304 Multiple Vulnerabilities in Badger Meter's Monitool

2024-03-1215:31:02

CWE-79

INCIBE

www.cve.org

cve-2024-1304

cross-site scripting

remote attacker

browser session hijack

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS

Percentile

9.0%

JSON

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitool",
    "vendor": "Badger Meter",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.3"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool