nvd-json-data-feeds/CVE-2024/CVE-2024-99xx/CVE-2024-9969.json

{
  "id": "CVE-2024-9969",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2024-10-15T04:15:04.413",
  "lastModified": "2024-10-15T12:57:46.880",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [
    {
      "sourceIdentifier": "twcert@cert.org.tw",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product."
    },
    {
      "lang": "es",
      "value": "NewType WebEIP v3.0 no valida correctamente la entrada del usuario, lo que permite que un atacante remoto con privilegios normales inserte JavaScript en par\u00e1metros espec\u00edficos, lo que da como resultado un ataque de Cross Site Scripting (XSS) Reflejado. El producto afectado ya no recibe mantenimiento. Se recomienda actualizar al nuevo producto."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "twcert@cert.org.tw",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "twcert@cert.org.tw",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html",
      "source": "twcert@cert.org.tw"
    },
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html",
      "source": "twcert@cert.org.tw"
    }
  ]
}
Auto-Update: 2024-10-15T06:00:17.136530+00:00 2024-10-15 06:03:17 +00:00			`{`
			`"id": "CVE-2024-9969",`
			`"sourceIdentifier": "twcert@cert.org.tw",`
			`"published": "2024-10-15T04:15:04.413",`
Auto-Update: 2024-10-15T14:00:18.621893+00:00 2024-10-15 14:03:18 +00:00			`"lastModified": "2024-10-15T12:57:46.880",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-10-15T06:00:17.136530+00:00 2024-10-15 06:03:17 +00:00			`"cveTags": [`
			`{`
			`"sourceIdentifier": "twcert@cert.org.tw",`
			`"tags": [`
			`"unsupported-when-assigned"`
			`]`
			`}`
			`],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product."`
Auto-Update: 2024-10-15T14:00:18.621893+00:00 2024-10-15 14:03:18 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "NewType WebEIP v3.0 no valida correctamente la entrada del usuario, lo que permite que un atacante remoto con privilegios normales inserte JavaScript en par\u00e1metros espec\u00edficos, lo que da como resultado un ataque de Cross Site Scripting (XSS) Reflejado. El producto afectado ya no recibe mantenimiento. Se recomienda actualizar al nuevo producto."`
Auto-Update: 2024-10-15T06:00:17.136530+00:00 2024-10-15 06:03:17 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "twcert@cert.org.tw",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 2.7`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "twcert@cert.org.tw",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html",`
			`"source": "twcert@cert.org.tw"`
			`},`
			`{`
			`"url": "https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html",`
			`"source": "twcert@cert.org.tw"`
			`}`
			`]`
			`}`