admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-568xx/CVE-2024-56882.json
cad-safe-bot 808aa8c1f5 Auto-Update: 2025-02-19T17:00:54.292989+00:00
2025-02-19 17:04:22 +00:00

60 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-56882",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-18T18:15:26.830",
"lastModified": "2025-02-19T15:15:14.970",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements."
},
{
"lang": "es",
"value": "Sage DPW antes de 2024_12_000 es vulnerable a Cross Site Scripting (XSS). Los usuarios de SAGE de bajo privilegio con permisos de roles de empleados pueden almacenar permanentemente el c\u00f3digo JavaScript en los campos de entrada Kurstitel y Kurzinfo. El payload inyectado se ejecuta para cada usuario autenticado que ve e interact\u00faa con los elementos de datos modificados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cves.at/posts/cve-cve-2024-56882/writeup/",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink