Lucene search
HistoryAug 06, 2024 - 11:16 a.m.
CVE-2024-33978
cross-site scripting
e-negosyo system
version 1.0
url
session cookie
category parameter
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘category’ parameter in ‘/index.php’.
Affected configurations
Node
janobeyoung_entrepreneur_e-negosyo_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| janobe | young_entrepreneur_e-negosyo_system | 1.0 | cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-33978 Cross-site Scripting in Janobe E-Negosyo System
2024-08-06 11:00:45
cve
cve
CVE-2024-33978
2024-08-06 11:16:06
cvelist
cvelist
CVE-2024-33978 Cross-site Scripting in Janobe E-Negosyo System
2024-08-06 11:00:45
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-33978