CVE-2024-5851

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The name of the patch is 7a88920f6b536c6a91512e739bcb4e8adefeed2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-267912. NOTE: The code maintainer was contacted early about this disclosure and was eager to prepare a fix as quickly as possible.
Configurations

No configuration.

History

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://github.com/playsms/playsms/commit/7a88920f6b536c6a91512e739bcb4e8adefeed2b - () https://github.com/playsms/playsms/commit/7a88920f6b536c6a91512e739bcb4e8adefeed2b -
References () https://vuldb.com/?ctiid.267912 - () https://vuldb.com/?ctiid.267912 -
References () https://vuldb.com/?id.267912 - () https://vuldb.com/?id.267912 -
References () https://vuldb.com/?submit.347385 - () https://vuldb.com/?submit.347385 -

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en playSMS hasta 1.4.7 y clasificada como problemática. Una función desconocida del archivo /index.php?app=main&inc=feature_schedule&op=list del componente SMS Schedule Handler es afectada por esta vulnerabilidad. La manipulación del argumento nombre/mensaje conduce a Cross-Site Scripting básicas. Es posible lanzar el ataque de forma remota. La actualización a la versión 1.4.8 puede solucionar este problema. El nombre del parche es 7a88920f6b536c6a91512e739bcb4e8adefeed2b. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-267912. NOTA: Se contactó primeramente con el fabricante del código acerca de esta divulgación y estaba ansioso por preparar una solución lo más rápido posible.

11 Jun 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-11 18:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-5851

Mitre link : CVE-2024-5851

CVE.ORG link : CVE-2024-5851


JSON object : View

Products Affected

No product.

CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)