Cross-site scripting vulnerability in Exment edit screen
CVE-2024-47793

5.4MEDIUM

Key Information:

Vendor: Kajitori Co.,ltd
Status: Exment
Vendor: CVE Published:; 18 October 2024

Summary

Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user.

Affected Version(s)

Exment v6.1.4 and earlier

Exment v5.0.11 and earlier

References

https://exment.net/vulnerability-correspondence-version-6...

https://exment.net/docs/#/weakness/20241010

https://jvn.jp/en/jp/JVN74538317/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Oct 3, 2024