Lucene search

INCIBECVELIST:CVE-2024-5413

HistoryMay 28, 2024 - 12:21 p.m.

CVE-2024-5413 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro

2024-05-2812:21:40

CWE-79

INCIBE

www.cve.org

phpmybackuppro

cross-site scripting

xss

cve-2024-5413

vulnerability

session retrieval

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PhpMyBackupPro",
    "vendor": "PhpMyBackupPro",
    "versions": [
      {
        "status": "affected",
        "version": "2.3"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-phpmybackuppro