exploitDog

CVE-2024-37741

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

Ссылки

https://1d8.github.io/cves/cve_2024_37741/
Exploit
https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992
Product
https://github.com/thiagoralves/OpenPLC_v3/issues/242
Exploit
Issue Tracking
https://1d8.github.io/cves/cve_2024_37741/
Exploit
https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992
Product
https://github.com/thiagoralves/OpenPLC_v3/issues/242
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00355

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

EPSS

Процентиль: 57%

0.00355

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79