OcoMon URL Handler Vulnerability: Remote Cross-Site Scripting Exploit

CVE-2024-7709
4.3MEDIUM

Key Information

Vendor
OcoMon
Status
Ocomon
Vendor
CVE Published:
13 August 2024

Summary

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.

Affected Version(s)

OcoMon = 4.0

OcoMon = 4.0RC1

OcoMon = 5.0RC1

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • VulDB entry last update

  • Risk change from: null to: 4.3 - (MEDIUM)

  • Vulnerability published.

  • Vulnerability Reserved.

  • VulDB entry created

  • Advisory disclosed

Collectors

NVD DatabaseMitre Database

Credit

Hydd3n (VulDB User)
.