admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-103xx/CVE-2024-10385.json
cad-safe-bot 2ffe26a616 Auto-Update: 2024-12-29T03:00:19.366387+00:00
2024-12-29 03:03:44 +00:00

86 lines
3.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-10385",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-12-20T16:15:21.523",
"lastModified": "2024-12-20T16:15:21.523",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code.\nIf an admin views the ticket, the script might perform actions with their privileges, including command execution.\u00a0\nThis issue has been fixed in\u00a0version 1.668 of DirectAdmin Evolution Skin."
},
{
"lang": "es",
"value": "El sistema de gesti\u00f3n de tickets en DirectAdmin Evolution Skin es vulnerable a XSS (Cross-site Scripting), que permite a un usuario con poco nivel de privilegios inyectar y almacenar c\u00f3digo JavaScript malicioso. Si un administrador ve el ticket, el script puede realizar acciones con sus privilegios, incluida la ejecuci\u00f3n de comandos. Este problema se ha solucionado en la versi\u00f3n 1.668 de DirectAdmin Evolution Skin."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2024/12/CVE-2024-10385",
"source": "cvd@cert.pl"
},
{
"url": "https://www.directadmin.com/evolution.php",
"source": "cvd@cert.pl"
}
]
}
Reference in New Issue View Git Blame Copy Permalink