Lucene search

GitHub_MCVELIST:CVE-2024-28112

HistoryMar 12, 2024 - 7:54 p.m.

CVE-2024-28112 Cross site scripting on router page in Peering Manager

2024-03-1219:54:16

CWE-79

GitHub_M

www.cve.org

cve-2024-28112

cross-site scripting

peering manager

bgp session management

stored xss

routers

version 1.8.3

security upgrade

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "peering-manager",
    "product": "peering-manager",
    "versions": [
      {
        "version": "< 1.8.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5-24pq-rq2w

owasp.org/www-community/attacks/xss

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-28112