CVE-2024-55239

Опубликовано: 18 дек. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter.

Ссылки

https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/CVE-2024-55239%20-%20Reflected%20Cross-Site%20Scripting.md
Exploit
Third Party Advisory
https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/CVE-2024-55649%20-%20Reflected%20Cross-Site%20Scripting.md
Not Applicable
https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/CVE-2024-55239%20-%20Reflected%20Cross-Site%20Scripting.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portabilis:i-educar:2.9:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-g54r-82m3-wgg3

github

около 1 года назад