Lucene search
INCIBECVELIST:CVE-2024-33977HistoryAug 06, 2024 - 10:58 a.m.
CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System
2024-08-0610:58:21
CWE-79
INCIBE
www.cve.org
6
cross-site scripting
janobe e-negosyo system
version 1.0
session cookie
'view' parameter
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘view’ parameter in /admin/orders/index.php’.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "E-Negosyo System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
]Related
nvd
nvd
CVE-2024-33977
2024-08-06 11:16:05
vulnrichment
vulnrichment
CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System
2024-08-06 10:58:21
cve
cve
CVE-2024-33977
2024-08-06 11:16:05
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Related for CVELIST:CVE-2024-33977