OcoMon URL Handler Vulnerability: Remote Cross-Site Scripting Exploit
CVE-2024-7709
4.3MEDIUM
Key Information
- Vendor
- OcoMon
- Status
- Ocomon
- Vendor
- CVE Published:
- 13 August 2024
Summary
A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.
Affected Version(s)
OcoMon = 4.0
OcoMon = 4.0RC1
OcoMon = 5.0RC1
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
VulDB entry last update
Risk change from: null to: 4.3 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Collectors
NVD DatabaseMitre Database
Credit
Hydd3n (VulDB User)