CyberAlerts

CVE-2024-47947

Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-45149

Adobe Commerce | Improper Access Control (CWE-284)

Description: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.

CVSS: LOW (2.7)

EPSS Score: 0.06%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-45120

Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Description: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-36498

Stored cross site scripting

Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-36494

Reflected Cross Site Scripting

Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-31670

rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in...

Description: rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-28146

Hardcoded credentials

Description: The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-28145

Unauthenticated SQL Injection

Description: An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-28144

Broken Access Control

Description: An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2024-28143

Insecure Password Change Function

Description: The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-47947	Stored cross site scripting Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-45149	Adobe Commerce \| Improper Access Control (CWE-284) Description: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. CVSS: LOW (2.7) EPSS Score: 0.06% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-45120	Adobe Commerce \| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) Description: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. CVSS: LOW (3.1) EPSS Score: 0.07% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-36498	Stored cross site scripting Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-36494	Reflected Cross Site Scripting Description: Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-31670	rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in... Description: rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-28146	Hardcoded credentials Description: The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-28145	Unauthenticated SQL Injection Description: An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-28144	Broken Access Control Description: An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2024-28143	Insecure Password Change Function Description: The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)