Lucene search

[email protected]NVD:CVE-2024-41350

HistoryAug 29, 2024 - 8:15 p.m.

CVE-2024-41350

2024-08-2920:15:08

CWE-79

[email protected]

web.nvd.nist.gov

bjyadmin

commit

vulnerability

cross site scripting

umeditor

imageup

php

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php

Affected configurations

Nvd

Node

baijunyaobjyadminMatch2017-09-07

VendorProductVersionCPE
baijunyaobjyadmin2017-09-07cpe:2.3:a:baijunyao:bjyadmin:2017-09-07:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baijunyao	bjyadmin	2017-09-07	cpe:2.3:a:baijunyao:bjyadmin:2017-09-07:::::::*

References

github.com/baijunyao/thinkphp-bjyadmin

github.com/xjzzzxx/vulFound/blob/main/bjyadmin/xss2.md

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.7%

JSON

Related for NVD:CVE-2024-41350

cvelist1 cve1 vulnrichment1