A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.
References
Link | Resource |
---|---|
https://github.com/opentibiabr/myaac/issues/121 | Exploit |
https://github.com/opentibiabr/myaac/pull/122 | Issue Tracking Patch |
https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c | Patch |
https://vuldb.com/?ctiid.277434 | Permissions Required |
https://vuldb.com/?id.277434 | Permissions Required |
https://vuldb.com/?submit.406368 | Third Party Advisory |
Configurations
History
19 Sep 2024, 01:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:opentibiabr:myaac:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
First Time |
Opentibiabr myaac
Opentibiabr |
|
Summary |
|
|
References | () https://github.com/opentibiabr/myaac/issues/121 - Exploit | |
References | () https://github.com/opentibiabr/myaac/pull/122 - Issue Tracking, Patch | |
References | () https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c - Patch | |
References | () https://vuldb.com/?ctiid.277434 - Permissions Required | |
References | () https://vuldb.com/?id.277434 - Permissions Required | |
References | () https://vuldb.com/?submit.406368 - Third Party Advisory |
13 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-13 19:15
Updated : 2024-09-19 01:38
NVD link : CVE-2024-8783
Mitre link : CVE-2024-8783
CVE.ORG link : CVE-2024-8783
JSON object : View
Products Affected
opentibiabr
- myaac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')