OcoMon URL Handler Vulnerability: Remote Cross-Site Scripting Exploit

CVE-2024-7709

4.3MEDIUM

Key Information

Vendor: OcoMon
Status: Ocomon
Vendor: CVE Published:; 13 August 2024

Summary

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.

Affected Version(s)

OcoMon = 4.0

OcoMon = 4.0RC1

OcoMon = 5.0RC1

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

VulDB entry last update
Aug 17, 2024
Risk change from: null to: 4.3 - (MEDIUM)
Aug 13, 2024
Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Aug 12, 2024
VulDB entry created
Aug 12, 2024
Advisory disclosed
Aug 12, 2024

Collectors

NVD DatabaseMitre Database

Credit

Hydd3n (VulDB User)