Lucene search

Veracode Vulnerability DatabaseVERACODE:46738

HistoryMay 03, 2024 - 8:26 a.m.

Cross Site Scripting (XSS)

2024-05-0308:26:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ajenti

cron

cross site scripting

xss

input validation

html

vulnerability

remote users

software

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON

ajenti is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate input validation in the command field of the Cron functionality, allowing remote authenticated users to inject arbitrary web script or HTML.

CPENameOperatorVersion
ajentile1.2.14.1
ajentile1.2.14.1

CPE	Name	Operator	Version
	ajenti	le	1.2.14.1
	ajenti	le	1.2.14.1

References

packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html

github.com/advisories/GHSA-9crx-p357-5vw8

github.com/ajenti/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310

github.com/ajenti/ajenti/issues/233

web.archive.org/web/20200229062920/www.securityfocus.com/bid/64982

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for VERACODE:46738