Lucene search

[email protected]NVD:CVE-2024-37828

HistoryJun 17, 2024 - 9:15 p.m.

CVE-2024-37828

2024-06-1721:15:51

CWE-79

[email protected]

web.nvd.nist.gov

stored xss

vermeg agile reporter

broadcast message

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module.

References

crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg

www.vermeg.com/agile-reporter/