CVE-2024-54853

{"id": "CVE-2024-54853", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-02-05T22:15:30.557", "references": [{"url": "https://github.com/KoratSec/CVEs/blob/main/CVE-2024-54853.txt", "source": "[email protected]"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad Cross-Site Scripting (XSS) Almacenado que afecta a las versiones 13.2.170 y anteriores de Skybox Change Manager, que permite a usuarios autenticados remotos almacenar payloads maliciosos en el campo afectado que luego se ejecutar\u00eda en el navegador de una v\u00edctima desprevenida."}], "lastModified": "2025-02-06T16:15:38.767", "sourceIdentifier": "[email protected]"}