admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-22xx/CVE-2024-2299.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

60 lines
2.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-2299",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-05-14T15:18:47.760",
"lastModified": "2024-05-14T16:13:02.773",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is executed when the file is accessed. This vulnerability is remotely exploitable via Cross-Site Request Forgery (CSRF), allowing attackers to perform actions on behalf of authenticated users and potentially leading to unauthorized access to sensitive information within the Lollms-webui application."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) almacenado en la aplicaci\u00f3n parisneo/lollms-webui debido a una validaci\u00f3n incorrecta de los archivos cargados en la funcionalidad de carga de im\u00e1genes de perfil. Los atacantes pueden aprovechar esta vulnerabilidad cargando archivos HTML maliciosos que contienen c\u00f3digo JavaScript, que se ejecuta cuando se accede al archivo. Esta vulnerabilidad se puede explotar de forma remota mediante Cross-Site Request Forgery (CSRF), lo que permite a los atacantes realizar acciones en nombre de usuarios autenticados y potencialmente conducir a un acceso no autorizado a informaci\u00f3n confidencial dentro de la aplicaci\u00f3n Lollms-webui."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/f1adaac0-b9ed-4093-a0f3-2d0a4ecba398",
"source": "security@huntr.dev"
}
]
}
Reference in New Issue View Git Blame Copy Permalink