Lucene search
HistoryApr 25, 2024 - 5:15 p.m.
CVE-2024-29660
cross site scripting
dedecms
vulnerability
stepselect_main.php
arbitrary code
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component.
Related
cvelist
cvelist
CVE-2024-29660
2024-04-25 00:00:00
vulnrichment
vulnrichment
CVE-2024-29660
2024-04-25 00:00:00
cve
cve
CVE-2024-29660
2024-04-25 17:15:49
openvas
openvas
DedeCMS V5.7 SP2 Multiple Vulnerabilities (Mar/Apr/May/Jul 2024)
2024-06-06 00:00:00
CVSS3
5.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-29660