VDB-290818 · CVE-2024-13213 · GCVE-100-290818

SingMR HouseRent 1.0 toAdminUpdateHousePage?hID=30 Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)

Obulabe obwategekeddwa nga kizibu busingiddwa mu SingMR HouseRent 1.0. Ekikosebwa kye ekikozesebwa ekitamanyiddwa ku fayiro /toAdminUpdateHousePage?hID=30. Okukyuusa kireeta Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting). Okulambika ekizibu nga ukozesa CWE kivaako CWE-79. Ekizibu kino kyayisibwa ku 08/01/2025 nga HouseRent has storage XSS #15. Ekiteeso kino kyawandiikiddwa era kisobola okuddownloadinga ku github.com. Obunafu buno bweyitibwa CVE-2024-13213. Waliwo obusobozi okutandika attack nga oli wala. Ebisingawo ku by'ekikugu biriwo. Wadde era waliwo ekikozesebwa ekirabikako. Ekikozesebwa kyategeezeddwa abantu bonna era kisobola okukozesebwa. Kati ekikadde ekisoboka ku mutengo gw’ekikozesebwa kiyinza okuba nga kisoba mu USD $0-$5k mu kiseera kino. Kiwandiikiddwa nga ebikakasa eby'okukakasa obusobozi. Waliwo omukisa ogusobola okukozesebwa okuddownloadinga exploit ku github.com. Mu mbeera ya 0-day, omuwendo ogwabalirirwako mu kifo ky’obutali mu mateeka gwali wa $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Okukyuusa · 100 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 08/01/2025 17:59	Okukozesa enkola empya 1/3 09/01/2025 14:56	Okukozesa enkola empya 2/3 14/02/2025 11:35	Okukozesa enkola empya 3/3 15/10/2025 23:09
software_vendor	SingMR	SingMR	SingMR	SingMR
software_name	HouseRent	HouseRent	HouseRent	HouseRent
software_version	1.0	1.0	1.0	1.0
software_file	/toAdminUpdateHousePage?hID=30	/toAdminUpdateHousePage?hID=30	/toAdminUpdateHousePage?hID=30	/toAdminUpdateHousePage?hID=30
vulnerability_cwe	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))	CWE-79 (Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting))
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	R	R	R	R
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	N	N	N	N
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	HouseRent has storage XSS #15	HouseRent has storage XSS #15	HouseRent has storage XSS #15	HouseRent has storage XSS #15
advisory_url	https://github.com/SingMR/HouseRent/issues/15	https://github.com/SingMR/HouseRent/issues/15	https://github.com/SingMR/HouseRent/issues/15	https://github.com/SingMR/HouseRent/issues/15
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/SingMR/HouseRent/issues/15#issue-2762127702	https://github.com/SingMR/HouseRent/issues/15#issue-2762127702	https://github.com/SingMR/HouseRent/issues/15#issue-2762127702	https://github.com/SingMR/HouseRent/issues/15#issue-2762127702
source_cve	CVE-2024-13213	CVE-2024-13213	CVE-2024-13213	CVE-2024-13213
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	N	N	N	N
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_vc	N	N	N	N
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	N	N	N	N
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_ui	N	N	P	P
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	3.5	4.1
cvss3_meta_tempscore	3.2	3.3	3.3	4.0
cvss4_vuldb_bscore	5.3	5.3	5.1	5.1
cvss4_vuldb_btscore	2.1	2.1	2.0	2.0
advisory_date	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad clasificada como problemática en SingMR HouseRent 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /toAdminUpdateHousePage?hID=30. La manipulación conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en SingMR HouseRent 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /toAdminUpdateHousePage?hID=30. La manipulación conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.	Se ha encontrado una vulnerabilidad clasificada como problemática en SingMR HouseRent 1.0. Esta vulnerabilidad afecta al código desconocido del archivo /toAdminUpdateHousePage?hID=30. La manipulación conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		N	N	N
cvss4_cna_vi		L	L	L
cvss4_cna_va		N	N	N
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		R	R	R
cvss3_cna_s		U	U	U
cvss3_cna_c		N	N	N
cvss3_cna_i		L	L	L
cvss3_cna_a		N	N	N
cvss3_cna_basescore		3.5	3.5	3.5
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		N	N	N
cvss2_cna_ii		P	P	P
cvss2_cna_ai		N	N	N
cvss2_cna_basescore		4	4	4
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				R
cvss3_nvd_s				C
cvss3_nvd_c				L
cvss3_nvd_i				L
cvss3_nvd_a				N
cvss3_nvd_basescore				5.4

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!