CVE-2024-9411

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 1, 2024 / Updated: 49d ago

CVSS 5.3 / EPSS 0.05% / Medium

A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article
Feedly found the first article mentioning CVE-2024-9411.
Oct 1, 2024 at 8:02 PM / CVE

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 1, 2024 at 8:03 PM

CVE Assignment
NVD published the first details for CVE-2024-9411
Oct 1, 2024 at 8:15 PM

CVSS
A CVSS base score of 3.5 has been assigned.
Oct 1, 2024 at 8:20 PM / nvd

EPSS
EPSS Score was set to: 0.05% (Percentile: 16.3%)
Oct 2, 2024 at 10:19 AM

Affected Systems

Ofcms_project/ofcms

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

CVE-2024-9411
Medium Severity. Read more at https://www.tenable.com/cve/CVE-2024-9411
CVE Alert: CVE-2024-9411
CVE-2024-9411
CVE-2024-9411 - TCPDF Cross Site Scripting (XSS)
CVE ID: CVE-2024-9411. Published: Oct. 1, 2024, 8:15 p.m.
CVE-2024-9411 OFCMS add.json add cross site scripting

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
