Lucene search

INCIBECVELIST:CVE-2024-3793

HistoryApr 15, 2024 - 2:13 p.m.

CVE-2024-3793 Cross-site Scripting vulnerability in WBSAirback

2024-04-1514:13:45

CWE-79

INCIBE

www.cve.org

cve-2024-3793

cross-site scripting

wbsairback

stored xss

admin

cloudaccounts

account name

user password

server fields

remote user

session data

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "White Bear Solutions",
    "vendor": "WBSAirback",
    "versions": [
      {
        "status": "affected",
        "version": "21.02.04"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions