Search criteria
18 vulnerabilities found for dcat_admin by dcatadmin
FKIE_CVE-2025-65656
Vulnerability from fkie_nvd - Published: 2025-12-02 17:16 - Updated: 2025-12-03 18:19
Severity ?
Summary
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/jqhph/dcat-admin | Product | |
| cve@mitre.org | https://github.com/lznlol/operation-log/blob/main/CVE-2025-65656.md | Exploit, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | * | |
| dcatadmin | dcat_admin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4217AF-E0B6-4A5C-8BAF-F86C9B11F558",
"versionEndIncluding": "1.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "0F0A25D9-3C42-4D69-B94B-2607CF100F38",
"versionEndIncluding": "2.2.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php."
}
],
"id": "CVE-2025-65656",
"lastModified": "2025-12-03T18:19:43.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-12-02T17:16:06.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/lznlol/operation-log/blob/main/CVE-2025-65656.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-0709
Vulnerability from fkie_nvd - Published: 2025-01-24 21:15 - Updated: 2025-05-07 20:03
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/taynes-llllzt/taynes/issues/7 | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.293237 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.293237 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.483364 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | 2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "8D381610-A32D-4608-AB32-B81999C58566",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Dcat-Admin 2.2.1-beta. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /admin/auth/roles del componente Roles Page. La manipulaci\u00f3n conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2025-0709",
"lastModified": "2025-05-07T20:03:05.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-01-24T21:15:11.237",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.293237"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.293237"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.483364"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-54775
Vulnerability from fkie_nvd - Published: 2024-12-27 22:15 - Updated: 2025-04-22 15:46
Severity ?
Summary
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/taynes-llllzt/taynes/issues/5 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | 2.2.0 | |
| dcatadmin | dcat_admin | 2.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "FDDF8F51-8D1A-4BB6-AFAD-C2320CDD4DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "CAE044DD-27C5-49C2-BDF6-81BFB0E648D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions."
},
{
"lang": "es",
"value": "Dcat-Admin v2.2.0-beta y v2.2.2-beta contienen una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s de /admin/auth/menu y /admin/auth/extensions."
}
],
"id": "CVE-2024-54775",
"lastModified": "2025-04-22T15:46:43.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-27T22:15:12.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-54774
Vulnerability from fkie_nvd - Published: 2024-12-27 22:15 - Updated: 2025-04-21 17:00
Severity ?
Summary
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/taynes-llllzt/taynes/issues/4 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "FDDF8F51-8D1A-4BB6-AFAD-C2320CDD4DFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create."
},
{
"lang": "es",
"value": "Dcat Admin v2.2.0-beta contiene una vulnerabilidad de cross-site scripting (XSS) en /admin/articles/create."
}
],
"id": "CVE-2024-54774",
"lastModified": "2025-04-21T17:00:56.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-27T22:15:12.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-29644
Vulnerability from fkie_nvd - Published: 2024-03-26 12:15 - Updated: 2025-04-30 16:48
Severity ?
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://dcat-admin.com | Product | |
| cve@mitre.org | https://github.com/jqhph/dcat-admin | Product | |
| cve@mitre.org | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://dcat-admin.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | * | |
| dcatadmin | dcat_admin | 2.0.0 | |
| dcatadmin | dcat_admin | 2.0.1 | |
| dcatadmin | dcat_admin | 2.0.2 | |
| dcatadmin | dcat_admin | 2.0.3 | |
| dcatadmin | dcat_admin | 2.0.4 | |
| dcatadmin | dcat_admin | 2.0.5 | |
| dcatadmin | dcat_admin | 2.0.6 | |
| dcatadmin | dcat_admin | 2.0.7 | |
| dcatadmin | dcat_admin | 2.0.8 | |
| dcatadmin | dcat_admin | 2.0.9 | |
| dcatadmin | dcat_admin | 2.0.10 | |
| dcatadmin | dcat_admin | 2.0.11 | |
| dcatadmin | dcat_admin | 2.0.12 | |
| dcatadmin | dcat_admin | 2.0.13 | |
| dcatadmin | dcat_admin | 2.0.14 | |
| dcatadmin | dcat_admin | 2.0.15 | |
| dcatadmin | dcat_admin | 2.0.16 | |
| dcatadmin | dcat_admin | 2.0.17 | |
| dcatadmin | dcat_admin | 2.0.18 | |
| dcatadmin | dcat_admin | 2.0.19 | |
| dcatadmin | dcat_admin | 2.0.20 | |
| dcatadmin | dcat_admin | 2.0.21 | |
| dcatadmin | dcat_admin | 2.0.22 | |
| dcatadmin | dcat_admin | 2.0.23 | |
| dcatadmin | dcat_admin | 2.0.24 | |
| dcatadmin | dcat_admin | 2.1.0 | |
| dcatadmin | dcat_admin | 2.1.1 | |
| dcatadmin | dcat_admin | 2.1.2 | |
| dcatadmin | dcat_admin | 2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4217AF-E0B6-4A5C-8BAF-F86C9B11F558",
"versionEndIncluding": "1.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "25F5B3A0-A4BC-4E5E-839D-8617411531E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "770BB49B-4092-4731-AA54-FBE69BD328CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "9C20ADEC-2D34-4504-A2A5-04291CF58FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "4D1580C7-2CE9-4C50-887F-24B4F2E60DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "6C85600D-5624-4E2C-B549-C54590F7602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "618420AD-26D9-4EFF-B1A0-908E34CF60C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "D31F81F7-9712-4A85-A12A-98F545CDB3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "95C94A3D-EBFA-4B3C-ACCA-03E4FB13BC0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "93467373-3E14-4D30-A672-2C51ABA91CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "7912F297-97FC-4897-B3BE-8B70C683A709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.10:beta:*:*:*:*:*:*",
"matchCriteriaId": "52F2CD0C-2AFD-4611-A93B-C56D9805FE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.11:beta:*:*:*:*:*:*",
"matchCriteriaId": "B7197805-2B42-46DD-A123-6CEA6F34E4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.12:beta:*:*:*:*:*:*",
"matchCriteriaId": "BE87FED3-7A9C-404A-A80A-856BE66AF4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "CAACBFB1-0647-489B-881E-521FD698D459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "3D3AF413-853D-4EB4-BE5A-F9A2564FD98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.15:beta:*:*:*:*:*:*",
"matchCriteriaId": "7F2DCA57-4823-4D4D-94C3-F90F377C32FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.16:beta:*:*:*:*:*:*",
"matchCriteriaId": "BB04F8BA-9B0A-4254-9DA4-E005FE60DCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.17:beta:*:*:*:*:*:*",
"matchCriteriaId": "CEDC8077-A2F3-4818-BB63-0B5D147A6324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.18:beta:*:*:*:*:*:*",
"matchCriteriaId": "C745F249-CABC-4305-A783-F24869016783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.19:beta:*:*:*:*:*:*",
"matchCriteriaId": "C0CD5762-DAB9-4105-A6C0-1A55047E62D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.20:beta:*:*:*:*:*:*",
"matchCriteriaId": "397F7A7C-BA39-47D1-A119-F05E6A9749E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.21:beta:*:*:*:*:*:*",
"matchCriteriaId": "41A8D328-2107-4A62-9760-7CB2154460E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.22:beta:*:*:*:*:*:*",
"matchCriteriaId": "4FC95D17-7ED8-4C96-8174-0C3FB8D262D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.23:beta:*:*:*:*:*:*",
"matchCriteriaId": "43317B4C-5D37-4137-8506-550C0E1EB9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.24:beta:*:*:*:*:*:*",
"matchCriteriaId": "232E98CA-CD74-4031-B9CC-BD0B6F3696FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "21B35977-D1A2-486D-BE07-8D94D4BD8FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "E2F183CA-2110-4263-A4E5-A8630B614B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "309A1CED-2697-42D4-AF85-999B90FDBFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en dcat-admin v.2.1.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el cuadro de inicio de sesi\u00f3n del usuario."
}
],
"id": "CVE-2024-29644",
"lastModified": "2025-04-30T16:48:15.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-26T12:15:50.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dcat-admin.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://dcat-admin.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-33736
Vulnerability from fkie_nvd - Published: 2023-05-31 13:15 - Updated: 2025-01-10 15:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/jqhph/dcat-admin/issues/2027 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin/issues/2027 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | 2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter."
}
],
"id": "CVE-2023-33736",
"lastModified": "2025-01-10T15:15:13.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-31T13:15:10.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-65656 (GCVE-0-2025-65656)
Vulnerability from cvelistv5 – Published: 2025-12-02 00:00 – Updated: 2025-12-03 15:03
VLAI?
Summary
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65656",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:01:41.167210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:03:37.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:41:31.159Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jqhph/dcat-admin"
},
{
"url": "https://github.com/lznlol/operation-log/blob/main/CVE-2025-65656.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65656",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-03T15:03:37.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0709 (GCVE-0-2025-0709)
Vulnerability from cvelistv5 – Published: 2025-01-24 20:31 – Updated: 2025-01-24 20:42
VLAI?
Title
Dcat-Admin Roles Page roles cross site scripting
Summary
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Dcat-Admin |
Affected:
2.2.1-beta
|
Credits
Yimeng (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0709",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T20:42:15.603517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:42:28.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Roles Page"
],
"product": "Dcat-Admin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2.1-beta"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yimeng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Dcat-Admin 2.2.1-beta ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/auth/roles der Komponente Roles Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:31:05.748Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293237 | Dcat-Admin Roles Page roles cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.293237"
},
{
"name": "VDB-293237 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293237"
},
{
"name": "Submit #483364 | Dcat Dcat-Admin v2.2.1-beta stored xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.483364"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-24T11:04:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dcat-Admin Roles Page roles cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0709",
"datePublished": "2025-01-24T20:31:05.748Z",
"dateReserved": "2025-01-24T09:59:12.063Z",
"dateUpdated": "2025-01-24T20:42:28.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54775 (GCVE-0-2024-54775)
Vulnerability from cvelistv5 – Published: 2024-12-27 00:00 – Updated: 2024-12-28 16:51
VLAI?
Summary
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T16:49:52.142027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T16:51:07.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T21:20:52.077108",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/taynes-llllzt/taynes/issues/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54775",
"datePublished": "2024-12-27T00:00:00",
"dateReserved": "2024-12-06T00:00:00",
"dateUpdated": "2024-12-28T16:51:07.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54774 (GCVE-0-2024-54774)
Vulnerability from cvelistv5 – Published: 2024-12-27 00:00 – Updated: 2024-12-28 17:57
VLAI?
Summary
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54774",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T17:56:34.453835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T17:57:31.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T21:18:29.466130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/taynes-llllzt/taynes/issues/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54774",
"datePublished": "2024-12-27T00:00:00",
"dateReserved": "2024-12-06T00:00:00",
"dateUpdated": "2024-12-28T17:57:31.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29644 (GCVE-0-2024-29644)
Vulnerability from cvelistv5 – Published: 2024-03-26 00:00 – Updated: 2025-03-24 15:50
VLAI?
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://dcat-admin.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29644",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:24:36.777009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:50:03.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T11:58:56.290Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dcat-admin.com"
},
{
"url": "https://github.com/jqhph/dcat-admin"
},
{
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29644",
"datePublished": "2024-03-26T00:00:00.000Z",
"dateReserved": "2024-03-19T00:00:00.000Z",
"dateUpdated": "2025-03-24T15:50:03.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33736 (GCVE-0-2023-33736)
Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-10 14:55
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T14:55:00.318155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T14:55:59.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33736",
"datePublished": "2023-05-31T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-10T14:55:59.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-65656 (GCVE-0-2025-65656)
Vulnerability from nvd – Published: 2025-12-02 00:00 – Updated: 2025-12-03 15:03
VLAI?
Summary
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65656",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:01:41.167210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:03:37.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:41:31.159Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jqhph/dcat-admin"
},
{
"url": "https://github.com/lznlol/operation-log/blob/main/CVE-2025-65656.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65656",
"datePublished": "2025-12-02T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-03T15:03:37.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0709 (GCVE-0-2025-0709)
Vulnerability from nvd – Published: 2025-01-24 20:31 – Updated: 2025-01-24 20:42
VLAI?
Title
Dcat-Admin Roles Page roles cross site scripting
Summary
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Dcat-Admin |
Affected:
2.2.1-beta
|
Credits
Yimeng (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0709",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T20:42:15.603517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:42:28.624Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Roles Page"
],
"product": "Dcat-Admin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.2.1-beta"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yimeng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Dcat-Admin 2.2.1-beta ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/auth/roles der Komponente Roles Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:31:05.748Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293237 | Dcat-Admin Roles Page roles cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.293237"
},
{
"name": "VDB-293237 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293237"
},
{
"name": "Submit #483364 | Dcat Dcat-Admin v2.2.1-beta stored xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.483364"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-24T11:04:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dcat-Admin Roles Page roles cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0709",
"datePublished": "2025-01-24T20:31:05.748Z",
"dateReserved": "2025-01-24T09:59:12.063Z",
"dateUpdated": "2025-01-24T20:42:28.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54775 (GCVE-0-2024-54775)
Vulnerability from nvd – Published: 2024-12-27 00:00 – Updated: 2024-12-28 16:51
VLAI?
Summary
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T16:49:52.142027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T16:51:07.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T21:20:52.077108",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/taynes-llllzt/taynes/issues/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54775",
"datePublished": "2024-12-27T00:00:00",
"dateReserved": "2024-12-06T00:00:00",
"dateUpdated": "2024-12-28T16:51:07.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54774 (GCVE-0-2024-54774)
Vulnerability from nvd – Published: 2024-12-27 00:00 – Updated: 2024-12-28 17:57
VLAI?
Summary
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54774",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-28T17:56:34.453835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T17:57:31.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T21:18:29.466130",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/taynes-llllzt/taynes/issues/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-54774",
"datePublished": "2024-12-27T00:00:00",
"dateReserved": "2024-12-06T00:00:00",
"dateUpdated": "2024-12-28T17:57:31.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29644 (GCVE-0-2024-29644)
Vulnerability from nvd – Published: 2024-03-26 00:00 – Updated: 2025-03-24 15:50
VLAI?
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://dcat-admin.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29644",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:24:36.777009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:50:03.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T11:58:56.290Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dcat-admin.com"
},
{
"url": "https://github.com/jqhph/dcat-admin"
},
{
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29644",
"datePublished": "2024-03-26T00:00:00.000Z",
"dateReserved": "2024-03-19T00:00:00.000Z",
"dateUpdated": "2025-03-24T15:50:03.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33736 (GCVE-0-2023-33736)
Vulnerability from nvd – Published: 2023-05-31 00:00 – Updated: 2025-01-10 14:55
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T14:55:00.318155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T14:55:59.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/jqhph/dcat-admin/issues/2027"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33736",
"datePublished": "2023-05-31T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-10T14:55:59.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}