nvd-json-data-feeds/CVE-2024/CVE-2024-506xx/CVE-2024-50637.json

{
  "id": "CVE-2024-50637",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-11-06T17:15:20.680",
  "lastModified": "2024-11-07T14:15:16.780",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies."
    },
    {
      "lang": "es",
      "value": "UnoPim 0.1.3 y versiones anteriores son vulnerables a Cross Site Scripting (XSS) en la funci\u00f3n Crear usuario. \u00b6\u00b6 La vulnerabilidad permite a los atacantes realizar XSS en la extensi\u00f3n de archivo SVG, que puede usarse para robar cookies."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/unopim/unopim/issues/41",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/unopim/unopim/releases/tag/v0.1.4",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2024-11-06T19:00:21.748867+00:00 2024-11-06 19:03:22 +00:00			`{`
			`"id": "CVE-2024-50637",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2024-11-06T17:15:20.680",`
Auto-Update: 2024-11-07T15:00:23.537709+00:00 2024-11-07 15:03:25 +00:00			`"lastModified": "2024-11-07T14:15:16.780",`
Auto-Update: 2024-11-06T19:00:21.748867+00:00 2024-11-06 19:03:22 +00:00			`"vulnStatus": "Awaiting Analysis",`
			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
Auto-Update: 2024-11-07T15:00:23.537709+00:00 2024-11-07 15:03:25 +00:00			`"value": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "UnoPim 0.1.3 y versiones anteriores son vulnerables a Cross Site Scripting (XSS) en la funci\u00f3n Crear usuario. \u00b6\u00b6 La vulnerabilidad permite a los atacantes realizar XSS en la extensi\u00f3n de archivo SVG, que puede usarse para robar cookies."`
Auto-Update: 2024-11-06T19:00:21.748867+00:00 2024-11-06 19:03:22 +00:00			`}`
			`],`
Auto-Update: 2024-11-06T21:00:21.583587+00:00 2024-11-06 21:03:22 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-11-06T21:00:21.583587+00:00 2024-11-06 21:03:22 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "LOW"`
Auto-Update: 2024-11-06T21:00:21.583587+00:00 2024-11-06 21:03:22 +00:00			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 2.7`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-06T19:00:21.748867+00:00 2024-11-06 19:03:22 +00:00			`"references": [`
			`{`
			`"url": "https://github.com/unopim/unopim/issues/41",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/unopim/unopim/releases/tag/v0.1.4",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`