Lucene search
MitreCVE-2024-39242HistoryJun 26, 2024 - 8:15 p.m.
CVE-2024-39242
2024-06-2620:15:16
CWE-79
mitre
web.nvd.nist.gov
23
cross-site scripting
skycaiji
arbitrary web scripts
html
eval
crafted payload
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
17.7%
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).
Affected configurations
Node
skycaijiskycaijiMatch2.8
Related
vulnrichment
vulnrichment
CVE-2024-39242
2024-06-26 00:00:00
cvelist
cvelist
CVE-2024-39242
2024-06-26 00:00:00
nvd
nvd
CVE-2024-39242
2024-06-26 20:15:16
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0.001
Percentile
17.7%
Related for CVE-2024-39242