CVE-2024-37680
Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (1)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC (-)
Risk
CVSS Score
6.1 Medium
SSVC
Track*
KEV
-
EPSS
0.0%
Affected Products (-)
Vendors (1)
finesoft_project
Products (1)
finesoft
Versions (1)
<= 8.0
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (1)
General (-)
Exploits & POcs (1)
github
Patches (-)
Advisories (-)
Summary
Descriptions
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl.
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 se ve afectado por Cross Site Scripting (XSS) que permite a atacantes remotos ejecutar código arbitrario. Ingrese cualquier cuenta y contraseña, haga clic en Iniciar sesión, la página informará un error y aparecerá un parámetro controlable en la URL: weburl.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-10 CVE Reserved
- 2024-06-24 CVE Published
- 2024-06-27 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Threat Intelligence Resources (0)
| Select | Title | Date |
|---|
Security Advisory details:
Select an advisory to view details here.
| Select | Title | Date |
|---|
Select an exploit to view details here.
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/dabaizhizhu/123/issues/5 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Finesoft Project Search vendor "Finesoft Project" | Finesoft Search vendor "Finesoft Project" for product "Finesoft" | <= 8.0 Search vendor "Finesoft Project" for product "Finesoft" and version " <= 8.0" | - |
Affected
| ||||||