CVE-2024-29183
OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login
- Severity Score: 6.1 (CVSS v3.1)
- Exploit Likelihood: (EPSS)
- Affected Versions: (CPE)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: Track (SSVC)
Descriptions
OpenRASP is a RASP solution that integrates its protection engine directly into the application server through instrumentation. A reflected XSS exists in the /login page because the redirect parameter is reflected into the response. This allows an attacker to execute arbitrary JavaScript with the permissions of a user after that user logs in with their account.
Credits: N/A
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-03-18 CVE Reserved
- 2024-04-19 CVE Published
- 2024-04-20 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb | X_refsource_confirm | |
| https://securitylab.github.com/advisories/GHSL-2023-253_openrasp | X_refsource_misc | |