Lucene search

TwcertVULNRICHMENT:CVE-2024-6742

HistoryJul 15, 2024 - 5:55 a.m.

CVE-2024-6742 AguardNet Space Management System - Reflected Cross-Site Scripting

2024-07-1505:55:32

CWE-79

twcert

github.com

aguardnet

space management system

reflected cross-site scripting

remote attackers

user input

javascript

cve-2024-6742

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

AguardNet Technology’s Space Management System does not properly filter user input, allowing remote attackers with regular privileges to inject JavaScript and perform Reflected Cross-site scripting attacks.

CNA Affected

[
  {
    "vendor": "AguardNet",
    "product": "Space Management System",
    "versions": [
      {
        "status": "affected",
        "version": "all",
        "lessThan": "2024-04-09-3302",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.twcert.org.tw/en/cp-139-7931-608eb-2.html

www.twcert.org.tw/tw/cp-132-7930-e0368-1.html