115cms har 20240807 pageAE.html tid Cross Site Scripting
Gaskiya vulnerability da aka ware a matsayin karshewa an samu a 115cms har 20240807. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /index.php/setpage/admin/pageAE.html, a cikin sashen $software_component. A sa manipulation of the argument tid ka Cross Site Scripting. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-79. Hakika, rauni an bayyana shi 11/20/2024. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-11493. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.
2 Goyarwa · 58 Datenpunkte
| Furɗe | Súgá 11/20/2024 09:31 | Gargadi 1/1 02/23/2025 23:03 |
|---|---|---|
| software_name | 115cms | 115cms |
| software_version | <=20240807 | <=20240807 |
| software_file | /index.php/setpage/admin/pageAE.html | /index.php/setpage/admin/pageAE.html |
| software_argument | tid | tid |
| vulnerability_cwe | CWE-79 (Cross Site Scripting) | CWE-79 (Cross Site Scripting) |
| vulnerability_risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/Hebing123/cve/issues/70 | https://github.com/Hebing123/cve/issues/70 |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/Hebing123/cve/issues/70 | https://github.com/Hebing123/cve/issues/70 |
| source_cve | CVE-2024-11493 | CVE-2024-11493 |
| cna_responsible | VulDB | VulDB |
| response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_vc | N | N |
| cvss4_vuldb_vi | L | L |
| cvss4_vuldb_va | N | N |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_ui | N | P |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.4 | 3.4 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.2 | 3.2 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.2 | 3.2 |
| cvss4_vuldb_bscore | 5.3 | 5.1 |
| cvss4_vuldb_btscore | 2.1 | 2.0 |
| advisory_date | 1732057200 (11/20/2024) | 1732057200 (11/20/2024) |
| price_0day | $0-$5k | $0-$5k |