Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-36109
HistoryMay 28, 2024 - 7:15 p.m.

CVE-2024-36109

2024-05-2819:15:10
CWE-79
[email protected]
web.nvd.nist.gov
4
nvd
cve-2024-36109
cocalc
web-based software
markdown parser
vulnerability
commit 419862a9c9879c
upgrade
known workarounds

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS

0

Percentile

9.0%

JSON

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows <script> tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related

cve 1
vulnrichment 1
osv 1
cvelist 1
cve
cve
CVE-2024-36109
2024-05-28 19:15:10
vulnrichment
vulnrichment
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
2024-05-28 18:40:55
osv
osv
CVE-2024-36109
2024-05-28 19:15:10
cvelist
cvelist
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
2024-05-28 18:40:55

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS

0

Percentile

9.0%

JSON
Related for NVD:CVE-2024-36109
cve1vulnrichment1osv1cvelist1