CVE-2024-7660

A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://vuldb.com/?id.274117	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?ctiid.274117	Permissions Required VDB Entry
https://vuldb.com/?submit.388434	Third Party Advisory VDB Entry
https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:rems:file_manager_app:1.0:*:*:*:*:*:*:*

History

15 Aug 2024, 17:50

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?submit.388434 -~~	() https://vuldb.com/?submit.388434 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?ctiid.274117 -~~	() https://vuldb.com/?ctiid.274117 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274117 -~~	() https://vuldb.com/?id.274117 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing -~~	() https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing - Exploit
First Time		Rems file Manager App Rems
References	~~() https://vuldb.com/?submit.388434 -~~	() https://vuldb.com/?submit.388434 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?ctiid.274117 -~~	() https://vuldb.com/?ctiid.274117 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274117 -~~	() https://vuldb.com/?id.274117 - Permissions Required, Third Party Advisory, VDB Entry
References	~~() https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing -~~	() https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing - Exploit
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CPE		cpe:2.3:a:rems:file_manager_app:1.0:::::::*
CWE		CWE-79
CWE		CWE-79
First Time		Rems file Manager App Rems
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CPE		cpe:2.3:a:rems:file_manager_app:1.0:::::::*

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : unknown
CWE	~~CWE-79~~
CPE	cpe:2.3:a:rems:file_manager_app:1.0:::::::*

Information

Published : 2024-08-12 13:38

Updated : 2024-08-15 17:50

NVD link : CVE-2024-7660

Mitre link : CVE-2024-7660

JSON object : View

Products Affected

rems

file_manager_app

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10