OcoMon URL Handler Vulnerability: Remote Cross-Site Scripting Exploit
CVE-2024-7709

4.3MEDIUM

Key Information:

Vendor

OcoMon

Status
Ocomon
Vendor
CVE Published:
13 August 2024

What is CVE-2024-7709?

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.

Affected Version(s)

OcoMon 4.0

OcoMon 4.0RC1

OcoMon 5.0RC1

References

https://vuldb.com/?id.274205
vdb-entry
https://vuldb.com/?ctiid.274205
signaturepermissions-required
https://vuldb.com/?submit.388843
third-party-advisory

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hydd3n (VulDB User)
.