exploitDog

CVE-2024-24512

Опубликовано: 01 мар. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.

Ссылки

https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing
Broken Link
https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component
Exploit
Third Party Advisory
https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing
Broken Link
https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pkp.sfu:open_journal_systems:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00231

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7ppq-5vxg-mxp7

CVSS3: 6.1

github

почти 2 года назад

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.

EPSS

Процентиль: 46%

0.00231

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79