CVE-2024-8521 - Vulnerability Details

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Wavelog	Wavelog

No data.

References

Link	Providers
https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521
https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e
https://github.com/wavelog/wavelog/pull/744
https://github.com/wavelog/wavelog/releases/tag/1.8.1
https://vuldb.com/?ctiid.276726
https://vuldb.com/?id.276726
https://vuldb.com/?submit.399819

History

Mon, 09 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wavelog Wavelog wavelog
CPEs		cpe:2.3:a:wavelog:wavelog::::::::
Vendors & Products		Wavelog Wavelog wavelog
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 07 Sep 2024 08:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.
Title		Wavelog Live QSO qso index cross site scripting
Weaknesses		CWE-79
References		https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521 https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e https://github.com/wavelog/wavelog/pull/744 https://github.com/wavelog/wavelog/releases/tag/1.8.1 https://vuldb.com/?ctiid.276726 https://vuldb.com/?id.276726 https://vuldb.com/?submit.399819
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-09-07T08:00:06.674Z

Updated: 2024-09-09T13:47:42.099Z

Reserved: 2024-09-06T15:20:08.041Z

Link: CVE-2024-8521

Vulnrichment

Updated: 2024-09-09T13:47:33.708Z

NVD

Status : Awaiting Analysis

Published: 2024-09-07T08:15:11.523

Modified: 2024-09-09T13:03:38.303

Link: CVE-2024-8521

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object