ID |
CVE-2024-28715
|
Sažetak |
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. |
Reference |
|
CVSS |
Base: | 8.8 |
Impact: | 5.3 |
Exploitability: | 2.8 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
NONE |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
LOW |
LOW |
HIGH |
|
CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H |
Zadnje važnije ažuriranje |
24-06-2025 - 01:35 |
Objavljeno |
19-03-2024 - 21:15 |