CVE-2024-44676

Опубликовано: 10 сент. 2024

Источник: nvd

CVSS3: 4.8

CVSS3: 6.1

EPSS Низкий

Описание

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

Ссылки

https://github.com/elunez/eladmin
Vendor Advisory
https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md
Exploit
https://github.com/l1uyi/cve-list/blob/main/cve-list/eladmin-CVE-2024-44676_CVE-2024-44677.md
https://github.com/l1uyi/cve-list/blob/main/cve-list/eladmin-CVE-2024-44676_CVE-2024-44677.md

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*

Версия до 2.7 (включая)

EPSS

Процентиль: 71%

0.00669

Низкий

4.8 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8vw5-3vcf-59wh

CVSS3: 6.1

github

больше 1 года назад

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

EPSS

Процентиль: 71%

0.00669

Низкий

4.8 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79