Lucene search
HistoryAug 06, 2024 - 11:16 a.m.
CVE-2024-33977
e-negosyo system
cross-site scripting
version 1.0
session cookie
specially crafted url
victim
admin orders
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘view’ parameter in /admin/orders/index.php’.
Affected configurations
Node
janobeyoung_entrepreneur_e-negosyo_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| janobe | young_entrepreneur_e-negosyo_system | 1.0 | cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System
2024-08-06 10:58:21
vulnrichment
vulnrichment
CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System
2024-08-06 10:58:21
cve
cve
CVE-2024-33977
2024-08-06 11:16:05
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-33977