CVE-2024-48654

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

ross Site Scripting vulnerability in Blood Bank v.1 allows a remote attacker to execute arbitrary code via a crafted script to the login.php component.

References

Link	Resource
https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-48654
https://github.com/Prabhatsk7/CVE/commit/d735e4f0bab7267608098284f51b602ead429b27

Configurations

No configuration.

History

28 Oct 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de Cross Site Scripting en Blood Bank v.1 permite a un atacante remoto ejecutar código arbitrario a través de una secuencia de comandos manipulada específicamente para el componente login.php.

25 Oct 2024, 21:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CWE		CWE-79

25 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-25 17:15

Updated : 2024-10-28 13:58

NVD link : CVE-2024-48654

Mitre link : CVE-2024-48654

CVE.ORG link : CVE-2024-48654

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10