exploitDog

CVE-2024-8413

Опубликовано: 04 сент. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details.

References list

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-raspcontrol
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:raspcontrol_project:raspcontrol:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00402

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-5g3f-cpvx-g37c

CVSS3: 5.4

github

больше 1 года назад

Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details. References list

EPSS

Процентиль: 60%

0.00402

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79