10 vulnerabilities found for framework by adive
CVE-2024-4336 (GCVE-0-2024-4336)
Vulnerability from cvelistv5 – Published: 2024-04-30 09:34 – Updated: 2024-08-15 14:58
VLAI
Title
Múltiple vulnerabilities on Adive Framework
Summary
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adive | Adive Framework | Affected: 2.0.8 | |
Date Public
2024-04-30 09:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:46.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:58:36.556768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:58:57.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Adive Framework",
"vendor": "Adive",
"versions": [
{
"status": "affected",
"version": "2.0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-04-30T09:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user."
}
],
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T09:34:16.165Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no solution reported at the moment.\u003cbr\u003e"
}
],
"value": "There is no solution reported at the moment.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "M\u00faltiple vulnerabilities on Adive Framework",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4336",
"datePublished": "2024-04-30T09:34:16.165Z",
"dateReserved": "2024-04-30T07:46:12.006Z",
"dateUpdated": "2024-08-15T14:58:57.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4337 (GCVE-0-2024-4337)
Vulnerability from cvelistv5 – Published: 2024-04-30 09:33 – Updated: 2024-09-03 18:16
VLAI
Title
Múltiple vulnerabilities on Adive Framework
Summary
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adive | Adive Framework | Affected: 2.0.8 | |
Date Public
2024-04-30 09:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:57:42.846601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:16:53.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Adive Framework",
"vendor": "Adive",
"versions": [
{
"status": "affected",
"version": "2.0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-04-30T09:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user."
}
],
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T09:33:46.193Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no solution reported at the moment.\u003cbr\u003e"
}
],
"value": "There is no solution reported at the moment.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "M\u00faltiple vulnerabilities on Adive Framework",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4337",
"datePublished": "2024-04-30T09:33:46.193Z",
"dateReserved": "2024-04-30T07:46:33.495Z",
"dateUpdated": "2024-09-03T18:16:53.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7989 (GCVE-0-2020-7989)
Vulnerability from cvelistv5 – Published: 2020-01-26 21:23 – Updated: 2024-08-04 09:48
VLAI
Summary
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T21:23:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7989",
"datePublished": "2020-01-26T21:23:08.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7990 (GCVE-0-2020-7990)
Vulnerability from cvelistv5 – Published: 2020-01-26 21:22 – Updated: 2024-08-04 09:48
VLAI
Summary
Adive Framework 2.0.8 has admin/user/add userName XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/user/add userName XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T21:22:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/user/add userName XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7990",
"datePublished": "2020-01-26T21:22:58.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7991 (GCVE-0-2020-7991)
Vulnerability from cvelistv5 – Published: 2020-01-26 21:22 – Updated: 2024-08-04 09:48
VLAI
Summary
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blo… | x_refsource_MISC |
| http://packetstormsecurity.com/files/156106/Adive… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"name": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7991",
"datePublished": "2020-01-26T21:22:48.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4336 (GCVE-0-2024-4336)
Vulnerability from nvd – Published: 2024-04-30 09:34 – Updated: 2024-08-15 14:58
VLAI
Title
Múltiple vulnerabilities on Adive Framework
Summary
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adive | Adive Framework | Affected: 2.0.8 | |
Date Public
2024-04-30 09:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:46.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:58:36.556768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:58:57.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Adive Framework",
"vendor": "Adive",
"versions": [
{
"status": "affected",
"version": "2.0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-04-30T09:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user."
}
],
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T09:34:16.165Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no solution reported at the moment.\u003cbr\u003e"
}
],
"value": "There is no solution reported at the moment.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "M\u00faltiple vulnerabilities on Adive Framework",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4336",
"datePublished": "2024-04-30T09:34:16.165Z",
"dateReserved": "2024-04-30T07:46:12.006Z",
"dateUpdated": "2024-08-15T14:58:57.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4337 (GCVE-0-2024-4337)
Vulnerability from nvd – Published: 2024-04-30 09:33 – Updated: 2024-09-03 18:16
VLAI
Title
Múltiple vulnerabilities on Adive Framework
Summary
Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adive | Adive Framework | Affected: 2.0.8 | |
Date Public
2024-04-30 09:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:57:42.846601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:16:53.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Adive Framework",
"vendor": "Adive",
"versions": [
{
"status": "affected",
"version": "2.0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Rafael Pedrero"
}
],
"datePublic": "2024-04-30T09:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user."
}
],
"value": "Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T09:33:46.193Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-adive-framework"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no solution reported at the moment.\u003cbr\u003e"
}
],
"value": "There is no solution reported at the moment.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "M\u00faltiple vulnerabilities on Adive Framework",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-4337",
"datePublished": "2024-04-30T09:33:46.193Z",
"dateReserved": "2024-04-30T07:46:33.495Z",
"dateUpdated": "2024-09-03T18:16:53.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7989 (GCVE-0-2020-7989)
Vulnerability from nvd – Published: 2020-01-26 21:23 – Updated: 2024-08-04 09:48
VLAI
Summary
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T21:23:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7989",
"datePublished": "2020-01-26T21:23:08.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7990 (GCVE-0-2020-7990)
Vulnerability from nvd – Published: 2020-01-26 21:22 – Updated: 2024-08-04 09:48
VLAI
Summary
Adive Framework 2.0.8 has admin/user/add userName XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/user/add userName XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-26T21:22:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/user/add userName XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7990",
"datePublished": "2020-01-26T21:22:58.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7991 (GCVE-0-2020-7991)
Vulnerability from nvd – Published: 2020-01-26 21:22 – Updated: 2024-08-04 09:48
Summary
Adive Framework 2.0.8 has a cross-site request forgery (CSRF) vulnerability in admin/config that allows the Administrator password to be changed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47946 | x_refsource_MISC |
| https://github.com/ferdinandmartin/adive-php7/blob/master/README.md | x_refsource_MISC |
| http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T17:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47946",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47946"
},
{
"name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md"
},
{
"name": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7991",
"datePublished": "2020-01-26T21:22:48.000Z",
"dateReserved": "2020-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:24.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}