CVE-2024-55342 - CERT CVE
ID CVE-2024-55342
Sažetak A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.
Reference
CVSS
Base: 4.7
Impact: 1.4
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Zadnje važnije ažuriranje 20-12-2024 - 20:15
Objavljeno 20-12-2024 - 19:15