VDB-278973 · CVE-2024-9411 · IATECW

OFCMS 1.1.2 add.json?sqlid=system.dict.save add dict_value କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu OFCMS 1.1.2 keessatti argameera. Kan miidhamte is hojii ଯୋଡନ୍ତୁ faayilii /admin/system/dict/add.json?sqlid=system.dict.save keessa. Hojii jijjiirraa irratti gaggeeffame dict_value gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-79 geessa. Dadhabbii kana yeroo 10/01/2024 maxxanfameera akka IATECW. Odeeffannoon kun buufachuuf gitee.com irratti qoodameera. Dogoggorri kun akka CVE-2024-9411tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana gitee.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

5 ଆଡାପ୍ଟେସନ୍ · 96 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/01/2024 04:50 PM	ଅଦ୍ୟତନ 1/4 10/02/2024 09:00 AM	ଅଦ୍ୟତନ 2/4 10/02/2024 01:34 PM	ଅଦ୍ୟତନ 3/4 03/09/2025 01:32 AM	ଅଦ୍ୟତନ 4/4 05/28/2025 05:54 AM
software_name	OFCMS	OFCMS	OFCMS	OFCMS	OFCMS
software_version	1.1.2	1.1.2	1.1.2	1.1.2	1.1.2
software_file	/admin/system/dict/add.json?sqlid=system.dict.save	/admin/system/dict/add.json?sqlid=system.dict.save	/admin/system/dict/add.json?sqlid=system.dict.save	/admin/system/dict/add.json?sqlid=system.dict.save	/admin/system/dict/add.json?sqlid=system.dict.save
software_function	add	add	add	add	add
software_argument	dict_value	dict_value	dict_value	dict_value	dict_value
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1	1	1	1
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	N	N	N	N	N
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_identifier	IATECW	IATECW	IATECW	IATECW	IATECW
advisory_url	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW	https://gitee.com/oufu/ofcms/issues/IATECW
source_cve	CVE-2024-9411	CVE-2024-9411	CVE-2024-9411	CVE-2024-9411	CVE-2024-9411
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	N	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_vc	N	N	N	N	N
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	N	N	N	N	N
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_pr	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	P	P
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2	3.2	3.2
cvss3_meta_basescore	3.5	4.1	4.1	4.1	4.1
cvss3_meta_tempscore	3.2	4.0	4.0	4.0	3.3
cvss4_vuldb_bscore	5.3	5.3	5.3	5.1	5.1
cvss4_vuldb_btscore	2.1	2.1	2.1	2.0	2.0
advisory_date	1727733600 (10/01/2024)	1727733600 (10/01/2024)	1727733600 (10/01/2024)	1727733600 (10/01/2024)	1727733600 (10/01/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		H	H	H	L
cvss3_cna_ui		R	R	R	R
cvss3_cna_s		C	C	C	U
cvss3_cna_c		L	L	L	N
cvss3_cna_i		L	L	L	L
cvss3_cna_a		N	N	N	N
cvss3_cna_basescore		4.8	4.8	4.8	3.5
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		S	S	S	S
cvss2_cna_ci		N	N	N	N
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		N	N	N	N
cvss2_cna_basescore		4	4	4	4
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como problemática en OFCMS 1.1.2. Afecta a la función add del archivo /admin/system/dict/add.json?sqlid=system.dict.save. La manipulación del argumento dict_value provoca ataques de Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en OFCMS 1.1.2. Afecta a la función add del archivo /admin/system/dict/add.json?sqlid=system.dict.save. La manipulación del argumento dict_value provoca ataques de Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en OFCMS 1.1.2. Afecta a la función add del archivo /admin/system/dict/add.json?sqlid=system.dict.save. La manipulación del argumento dict_value provoca ataques de Cross-Site Scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss4_cna_av					N
cvss4_cna_ac					L
cvss4_cna_at					N
cvss4_cna_pr					L
cvss4_cna_ui					N
cvss4_cna_vc					N
cvss4_cna_vi					L
cvss4_cna_va					N
cvss4_cna_sc					N
cvss4_cna_si					N
cvss4_cna_sa					N
cvss4_cna_bscore					5.3

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!