cvelist | INCIBE | CVELIST:CVE-2024-33978
History: Aug 06, 2024 - 11:00 a.m.

CVE-2024-33978 Cross-site Scripting in Janobe E-Negosyo System

2024-08-06 11:00:45
CWE-79
INCIBE
www.cve.org
Tags: cross-site scripting, janobe e-negosyo system, e-negosyo system vulnerability, crafted url, session cookie, category parameter

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS: 0.001
Percentile: 17.7%

Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via the 'category' parameter in '/index.php'.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "E-Negosyo System",
    "vendor": "Janobe",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]
