exploitDog

CVE-2024-40111

Опубликовано: 23 авг. 2024

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum.

Ссылки

https://drive.google.com/file/d/10BVQKYo2H1-Nx3FOGteL2xww4lbZ3xlS/view?usp=sharing
Exploit
https://github.com/w3bn00b3r/Stored-Cross-Site-Scripting-XSS---Automad-2.0.0-alpha.4/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:automad:automad:2.0.0:alpha4:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.0462

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-g8h2-j9pm-4xx2

CVSS3: 4.8

github

больше 1 года назад

Automad Cross-site Scripting vulnerability

EPSS

Процентиль: 89%

0.0462

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79