CVE-2024-31946

{"id": "CVE-2024-31946", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.6}]}, "published": "2024-07-15T19:15:02.503", "references": [{"url": "https://advisories.stormshield.eu/2024-007", "source": "cve@mitre.org"}, {"url": "https://advisories.stormshield.eu/2024-007", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript, executed by the template preview. The following versions fix this: 3.7.42, 3.11.30, 4.3.25, and 4.7.5."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 3.7.0 a 3.7.41, 3.10.0 a 3.11.29, 4.0 a 4.3.24 y 4.4.0 a 4.7.4. Un usuario que tiene acceso al SNS con acceso de escritura en la p\u00e1gina de alertas por correo electr\u00f3nico tiene la capacidad de crear correos electr\u00f3nicos de alerta que contienen JavaScript malicioso, ejecutado mediante la vista previa de la plantilla. Las siguientes versiones solucionan este problema: 3.7.42, 3.11.30, 4.3.25 y 4.7.5."}], "lastModified": "2024-11-21T09:14:10.573", "sourceIdentifier": "cve@mitre.org"}