Lucene search
HackeroneVULNRICHMENT:CVE-2024-42020HistorySep 07, 2024 - 4:11 p.m.
CVE-2024-42020
2024-09-0716:11:22
hackerone
github.com
3
html injection
reporter widgets
cross-site-scripting
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
AI Score
6.5
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
References
Related
cve
cve
CVE-2024-42020
2024-09-07 17:15:14
nvd
nvd
CVE-2024-42020
2024-09-07 17:15:14
cvelist
cvelist
CVE-2024-42020
2024-09-07 16:11:22
veeam
veeam
Veeam Security Bulletin (September 2024)
2024-09-04 00:00:00
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
AI Score
6.5
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-42020