exploitDog

CVE-2024-33253

Опубликовано: 13 июн. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 6

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

Ссылки

https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting
Exploit
Third Party Advisory
https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openeclass:openeclass:*:*:*:*:*:*:*:*

Версия до 3.15 (включая)

EPSS

Процентиль: 35%

0.00147

Низкий

5.4 Medium

CVSS3

6 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-g2cx-52qh-37rp

CVSS3: 6

github

больше 1 года назад

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

EPSS

Процентиль: 35%

0.00147

Низкий

5.4 Medium

CVSS3

6 Medium

CVSS3

Дефекты

CWE-79

CWE-79