Cross Site Scripting Vulnerability in SpringBoot Manager by By-Yexing
CVE-2024-24060

5.4MEDIUM

Key Information:

Vendor
Aitangbao
Status
Springboot-manager
Vendor
CVE Published:
1 February 2024

Summary

The SpringBoot Manager version 1.6 is vulnerable to a Cross Site Scripting (XSS) attack through the endpoint /sys/user. This vulnerability allows an attacker to inject malicious scripts into the web application, which can be executed in the context of the affected users' browser sessions. Such exploitation can lead to session hijacking, data theft, and various other security implications for users interacting with the application.

References

https://github.com/By-Yexing/Vulnerability_JAVA/blob/main...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-24060 : Cross Site Scripting Vulnerability in SpringBoot Manager by By-Yexing | SecurityVulnerability.io