CVE-2024-10286

6.1MEDIUM

Key Information

Vendor: Ujangrohidin
Status: Localserver
Vendor: CVE Published:; 23 October 2024

Summary

Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Oct 23, 2024

Collectors

NVD Database