CVE-2024-24060

springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*

History

21 Nov 2024, 08:58

Type Values Removed Values Added
References () https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser - Exploit, Third Party Advisory () https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser - Exploit, Third Party Advisory

03 Feb 2024, 00:40

Type Values Removed Values Added
References () https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser - () https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:aitangbao:springboot-manager:1.6:*:*:*:*:*:*:*
CWE CWE-79
First Time Aitangbao springboot-manager
Aitangbao

01 Feb 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-01 14:15

Updated : 2024-11-21 08:58


NVD link : CVE-2024-24060

Mitre link : CVE-2024-24060

CVE.ORG link : CVE-2024-24060


JSON object : View

Products Affected

aitangbao

  • springboot-manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')