Lucene search

HackeroneCVELIST:CVE-2024-42020

HistorySep 07, 2024 - 4:11 p.m.

CVE-2024-42020

2024-09-0716:11:22

hackerone

www.cve.org

cve-2024-42020

cross-site-scripting

reporter widgets

html injection

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

EPSS

Percentile

9.5%

JSON

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Veeam",
    "product": "One",
    "versions": [
      {
        "version": "12.1",
        "status": "affected",
        "lessThanOrEqual": "12.1",
        "versionType": "semver"
      }
    ]
  }
]

References

www.veeam.com/kb4649

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-42020