Lucene search

[email protected]NVD:CVE-2024-37878

HistoryJun 12, 2024 - 5:15 p.m.

CVE-2024-37878

2024-06-1217:15:51

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-37878

cross site scripting

twcms v.2.0.3

arbitrary code execution

external sources input

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.5%

JSON

Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources

Affected configurations

Nvd

Node

twcmstwcmsMatch2.0.3

VendorProductVersionCPE
twcmstwcms2.0.3cpe:2.3:a:twcms:twcms:2.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
twcms	twcms	2.0.3	cpe:2.3:a:twcms:twcms:2.0.3:::::::*

References

gist.github.com/sylvieverykawaii/243f1756151bee027725c6961d8c1ba9

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.5%

JSON

Related for NVD:CVE-2024-37878

cvelist1 vulnrichment1 cve1