CVE-2024-9147

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Nov 4, 2024 / Updated: 15d ago

CVSS 6.9 / EPSS 0.04% / Medium

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9147

Nov 4, 2024 at 1:17 PM

CVSS

A CVSS base score of 6.9 has been assigned.

Nov 4, 2024 at 1:20 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-9147.

Nov 4, 2024 at 1:21 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 4, 2024 at 1:21 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 5, 2024 at 10:05 AM

CVSS

A CVSS base score of 6.1 has been assigned.

Nov 6, 2024 at 3:55 PM / nvd

Affected Systems

Bna/pospratik

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements

News

NA - CVE-2024-9147 - Improper Neutralization of Script-Related HTML...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before...

CVE-2024-9147 | Bna Informatics PosPratik up to 3.2.0 cross site scripting
A vulnerability, which was classified as problematic, was found in Bna Informatics PosPratik up to 3.2.0. Affected is an unknown function. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2024-9147. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVE-2024-9147 - Bna Informatics PosPratik Script-Related XSS
CVE ID: CVE-2024-9147 Published: Nov. 4, 2024, 1:17 p.m. 51 minutes ago Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1. Severity: 0.0

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
