CVE-2024-7660

A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing Exploit
https://vuldb.com/?ctiid.274117 Permissions Required VDB Entry
https://vuldb.com/?id.274117 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.388434 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:remyandrade:file_manager_app:1.0:*:*:*:*:*:*:*

History

22 Nov 2024, 14:59

Type Values Removed Values Added
CPE cpe:2.3:a:rems:file_manager_app:1.0:*:*:*:*:*:*:* cpe:2.3:a:remyandrade:file_manager_app:1.0:*:*:*:*:*:*:*
First Time Remyandrade
Remyandrade file Manager App
CVSS v2 : 4.0
v3 : 6.1
v2 : 4.0
v3 : 3.5

15 Aug 2024, 17:50

Type Values Removed Values Added
First Time Rems
Rems file Manager App
CPE cpe:2.3:a:rems:file_manager_app:1.0:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad en la aplicación SourceCodester File Manager 1.0 y se clasificó como problemática. Una función desconocida del componente Add File Handler es afectada por esta vulnerabilidad. La manipulación del argumento Título del archivo/Subido por conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 6.1
References () https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing - () https://docs.google.com/document/d/19jCrr48SwP9dkOAaf8HAgg0fxK7PjE4ZWbPSFU4zqKE/edit?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.274117 - () https://vuldb.com/?ctiid.274117 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.274117 - () https://vuldb.com/?id.274117 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.388434 - () https://vuldb.com/?submit.388434 - Third Party Advisory, VDB Entry

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-11-22 14:59


NVD link : CVE-2024-7660

Mitre link : CVE-2024-7660

CVE.ORG link : CVE-2024-7660


JSON object : View

Products Affected

remyandrade

  • file_manager_app
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')