CVE-2024-8411

EUVD-2024-49157
A vulnerability was determined in ABCD ABCD2 up to 2.2.0-beta-1. Impacted is an unknown function of the file /buscar_integrada.php. Executing a manipulation of the argument Sub_Expresion can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The developer explains, that "this script has been completely redesigned after this version".
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
abcd-communityabcd
2.2.0:alpha
abcd-communityabcd
2.2.0:beta0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/peritocibernetico/ABCD_Vulnerabilities
https://vuldb.com/?ctiid.276491
https://vuldb.com/?id.276491
https://vuldb.com/?submit.398843