A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
History
12 Sep 2024, 20:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nuxsmin/sysPass/blob/9d0e169d2163897238877fb65130db47fe1ddcfa/app/modules/api/Controllers/ClientController.php#L89 - Issue Tracking | |
References | () https://github.com/nuxsmin/sysPass/blob/master/lib/SP/DataModel/ClientData.php#L98 - Issue Tracking | |
References | () https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42904 - Third Party Advisory | |
CPE | cpe:2.3:a:syspass:syspass:*:*:*:*:*:*:*:* | |
First Time | Syspass syspass, Syspass | |
CWE | CWE-79 | |
Summary | | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.1 |
03 Sep 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 18:15
Updated : 2024-09-12 20:19
NVD link : CVE-2024-42904
Mitre link : CVE-2024-42904
CVE.ORG link : CVE-2024-42904
Products Affected
syspass
- syspass
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')