exploitDog

CVE-2024-53307

Опубликовано: 10 мар. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Ссылки

https://gist.github.com/Xib3rR4dAr/bf754848f1cd77162f79226144b04648
Exploit
Third Party Advisory
https://webhelp.evisions.com/releaseguides/maps/default.htm#6.11/6.11%20Release%20Notes.htm?TocPath=MAPS%25206.11%2520Release%2520Guide%257C_____3
Release Notes
https://gist.github.com/Xib3rR4dAr/bf754848f1cd77162f79226144b04648
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:evisions:maps:*:*:*:*:*:*:*:*

Версия до 6.10.2.2678 (включая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-x2pr-grpc-jfvm

CVSS3: 5.4

github

11 месяцев назад

A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79