VDB-290231 · CVE-2024-13143 · GCVE-100-290231

ZeroWdd studentmanager 1.0 PermissionController. java submitAddPermission url Cross Site Scripting

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a ZeroWdd studentmanager 1.0. Tabbas, aikin submitAddPermission ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil src/main/java/com/zero/system/controller/PermissionController. java, a cikin sashi $software_component. Wuro manipulation of the argument url ga Cross Site Scripting. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-79. Lalle, rauni an sanar da shi 01/05/2025 da manager-system 1.0 has a storage type XSS #7. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-13143. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Goyarwa · 103 Datenpunkte

Furɗe	Súgá 01/05/2025 10:12	Gargadi 1/3 01/06/2025 01:56	Gargadi 2/3 02/15/2025 18:53	Gargadi 3/3 10/10/2025 19:55
software_vendor	ZeroWdd	ZeroWdd	ZeroWdd	ZeroWdd
software_name	studentmanager	studentmanager	studentmanager	studentmanager
software_version	1.0	1.0	1.0	1.0
software_file	src/main/java/com/zero/system/controller/PermissionController. java	src/main/java/com/zero/system/controller/PermissionController. java	src/main/java/com/zero/system/controller/PermissionController. java	src/main/java/com/zero/system/controller/PermissionController. java
software_function	submitAddPermission	submitAddPermission	submitAddPermission	submitAddPermission
software_argument	url	url	url	url
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	H	H	H	H
cvss3_vuldb_ui	R	R	R	R
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	manager-system 1.0 has a storage type XSS #7	manager-system 1.0 has a storage type XSS #7	manager-system 1.0 has a storage type XSS #7	manager-system 1.0 has a storage type XSS #7
advisory_url	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7	https://github.com/ZeroWdd/manager-system/issues/7
source_cve	CVE-2024-13143	CVE-2024-13143	CVE-2024-13143	CVE-2024-13143
cna_responsible	VulDB	VulDB	VulDB	VulDB
decision_summary	Other parameters might be affected as well.	Other parameters might be affected as well.	Other parameters might be affected as well.	Other parameters might be affected as well.
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	M	M	M	M
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	H	H	H	H
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	N	N	N	N
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_ui	N	N	P	P
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	3.3	3.3	3.3	3.3
cvss2_vuldb_tempscore	2.8	2.8	2.8	2.8
cvss3_vuldb_basescore	2.4	2.4	2.4	2.4
cvss3_vuldb_tempscore	2.2	2.2	2.2	2.2
cvss3_meta_basescore	2.4	2.4	2.4	3.4
cvss3_meta_tempscore	2.2	2.3	2.3	3.3
cvss4_vuldb_bscore	5.1	5.1	4.8	4.8
cvss4_vuldb_btscore	2.0	2.0	1.9	1.9
advisory_date	1736031600 (01/05/2025)	1736031600 (01/05/2025)	1736031600 (01/05/2025)	1736031600 (01/05/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.1	5.1	5.1
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		H	H	H
cvss3_cna_ui		R	R	R
cvss3_cna_s		U	U	U
cvss3_cna_c		N	N	N
cvss3_cna_i		L	L	L
cvss3_cna_a		N	N	N
cvss3_cna_basescore		2.4	2.4	2.4
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		M	M	M
cvss2_cna_ci		N	N	N
cvss2_cna_ii		P	P	P
cvss2_cna_ai		N	N	N
cvss2_cna_basescore		3.3	3.3	3.3
cve_nvd_summary		A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		H	H	H
cvss4_cna_ui		N	N	N
cvss4_cna_vc		N	N	N
cvss4_cna_vi		L	L	L
cvss4_cna_va		N	N	N
cvss4_cna_sc		N	N	N
cve_nvd_summaryes				Se ha encontrado una vulnerabilidad en ZeroWdd studentmanager 1.0. Se ha calificado como problemática. Este problema afecta a la función submissionAddPermission del archivo src/main/java/com/zero/system/controller/PermissionController.java. La manipulación del argumento url provoca cross site scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho pública y puede utilizarse. También pueden verse afectados otros parámetros.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				R
cvss3_nvd_s				C
cvss3_nvd_c				L
cvss3_nvd_i				L
cvss3_nvd_a				N
cvss3_nvd_basescore				5.4

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!