Lucene search
TwcertCVE-2024-6742HistoryJul 15, 2024 - 6:15 a.m.
CVE-2024-6742
2024-07-1506:15:02
CWE-79
twcert
web.nvd.nist.gov
24
aguardnet technology
space management system
remote attackers
xss attacks
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.3%
AguardNet Technology’s Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.
Affected configurations
Node
space_management_system_projectspace_management_systemRange<2024-04-09-3302
| Vendor | Product | Version | CPE |
|---|---|---|---|
| space_management_system_project | space_management_system | * | cpe:2.3:a:space_management_system_project:space_management_system:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Space Management System",
"vendor": "AguardNet",
"versions": [
{
"lessThan": "2024-04-09-3302",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
]
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.3%
Related for CVE-2024-6742