eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
History

Tue, 10 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Eladmin
Eladmin eladmin
Weaknesses CWE-79
CPEs cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*
Vendors & Products Eladmin
Eladmin eladmin
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Description eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-10T00:00:00

Updated: 2024-09-10T19:35:25.659Z

Reserved: 2024-08-21T00:00:00

Link: CVE-2024-44676

cve-icon Vulnrichment

Updated: 2024-09-10T19:35:15.301Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-10T16:15:20.260

Modified: 2024-09-25T19:20:25.073

Link: CVE-2024-44676

cve-icon Redhat

No data.