CVE-2024-44676

2024-09-1000:00:00

mitre

github.com

eladmin v2.7

xss vulnerability

localstorecontroller

java

arbitrary code execution

cve-2024-44676

AI Score

6.9

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*"
    ],
    "vendor": "eladmin",
    "product": "eladmin",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.7"
      }
    ],
    "defaultStatus": "unknown"
  }
]