Search criteria
9 vulnerabilities found for netcat_content_management_system by netcat
FKIE_CVE-2024-8653
Vulnerability from fkie_nvd - Published: 2024-09-19 17:15 - Updated: 2024-09-23 17:55
Severity ?
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerability@kaspersky.com | https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcat | netcat_content_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netcat:netcat_content_management_system:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D20850FD-B115-402F-95F9-02B818DE8BFE",
"versionEndExcluding": "6.4.0.24248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
},
{
"lang": "es",
"value": "Una vulnerabilidad en NetCat CMS permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de un usuario cuando visita rutas espec\u00edficas en el sitio. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/]. Las versiones 6.4.0.24248 y posteriores tienen el parche."
}
],
"id": "CVE-2024-8653",
"lastModified": "2024-09-23T17:55:01.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
}
]
},
"published": "2024-09-19T17:15:15.503",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8651
Vulnerability from fkie_nvd - Published: 2024-09-19 17:15 - Updated: 2024-09-23 17:51
Severity ?
Summary
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerability@kaspersky.com | https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcat | netcat_content_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netcat:netcat_content_management_system:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D20850FD-B115-402F-95F9-02B818DE8BFE",
"versionEndExcluding": "6.4.0.24248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
},
{
"lang": "es",
"value": "Una vulnerabilidad en NetCat CMS permite a un atacante enviar una solicitud http especialmente manipulada que puede utilizarse para comprobar si un usuario existe en el sistema, lo que podr\u00eda ser la base para futuros ataques. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/] . Las versiones 6.4.0.24248 y posteriores tienen el parche."
}
],
"id": "CVE-2024-8651",
"lastModified": "2024-09-23T17:51:13.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
}
]
},
"published": "2024-09-19T17:15:15.173",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-8652
Vulnerability from fkie_nvd - Published: 2024-09-19 17:15 - Updated: 2024-09-23 17:53
Severity ?
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerability@kaspersky.com | https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netcat | netcat_content_management_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netcat:netcat_content_management_system:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D20850FD-B115-402F-95F9-02B818DE8BFE",
"versionEndExcluding": "6.4.0.24248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
},
{
"lang": "es",
"value": "Una vulnerabilidad en NetCat CMS permite a un atacante ejecutar c\u00f3digo JavaScript en el navegador de un usuario cuando visita una ruta espec\u00edfica en el sitio. Este problema afecta a NetCat CMS v. 6.4.0.24126.2 y posiblemente a otros. Aplicar el parche del proveedor https://netcat.ru/ https://netcat.ru/]. Las versiones 6.4.0.24248 y posteriores tienen el parche."
}
],
"id": "CVE-2024-8652",
"lastModified": "2024-09-23T17:53:49.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
}
]
},
"published": "2024-09-19T17:15:15.360",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-8653 (GCVE-0-2024-8653)
Vulnerability from cvelistv5 – Published: 2024-09-19 16:39 – Updated: 2024-09-19 18:23
VLAI?
Title
Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:23:03.977010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:23:17.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific paths on the site.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591: Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:39:23.108Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8653",
"datePublished": "2024-09-19T16:39:23.108Z",
"dateReserved": "2024-09-10T12:27:49.675Z",
"dateUpdated": "2024-09-19T18:23:17.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8652 (GCVE-0-2024-8652)
Vulnerability from cvelistv5 – Published: 2024-09-19 16:35 – Updated: 2024-09-19 18:23
VLAI?
Title
Netcat CMS: reflected cross-site scripting in openstat module
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:23:42.731577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:23:52.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific path on the site.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591: Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:35:55.844Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: reflected cross-site scripting in openstat module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8652",
"datePublished": "2024-09-19T16:35:55.844Z",
"dateReserved": "2024-09-10T12:27:48.141Z",
"dateUpdated": "2024-09-19T18:23:52.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8651 (GCVE-0-2024-8651)
Vulnerability from cvelistv5 – Published: 2024-09-19 16:30 – Updated: 2024-09-19 18:28
VLAI?
Title
Netcat CMS: user enumeration
Summary
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netcat",
"vendor": "netcat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:24:17.134225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:28:53.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:36:20.801Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: user enumeration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8651",
"datePublished": "2024-09-19T16:30:10.685Z",
"dateReserved": "2024-09-10T12:27:44.134Z",
"dateUpdated": "2024-09-19T18:28:53.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8653 (GCVE-0-2024-8653)
Vulnerability from nvd – Published: 2024-09-19 16:39 – Updated: 2024-09-19 18:23
VLAI?
Title
Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:23:03.977010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:23:17.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific paths on the site.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific paths on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591: Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:39:23.108Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8653",
"datePublished": "2024-09-19T16:39:23.108Z",
"dateReserved": "2024-09-10T12:27:49.675Z",
"dateUpdated": "2024-09-19T18:23:17.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8652 (GCVE-0-2024-8652)
Vulnerability from nvd – Published: 2024-09-19 16:35 – Updated: 2024-09-19 18:23
VLAI?
Title
Netcat CMS: reflected cross-site scripting in openstat module
Summary
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:23:42.731577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:23:52.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific path on the site.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user\u0027s browser when they visit specific path on the site.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591: Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:35:55.844Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-002.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: reflected cross-site scripting in openstat module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8652",
"datePublished": "2024-09-19T16:35:55.844Z",
"dateReserved": "2024-09-10T12:27:48.141Z",
"dateUpdated": "2024-09-19T18:23:52.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8651 (GCVE-0-2024-8651)
Vulnerability from nvd – Published: 2024-09-19 16:30 – Updated: 2024-09-19 18:28
VLAI?
Title
Netcat CMS: user enumeration
Summary
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.
Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
Severity ?
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetCat | NetCat CMS |
Affected:
6.4.0.24126.2
Unaffected: 6.4.0.24248 |
Credits
The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netcat:netcat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netcat",
"vendor": "netcat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T18:24:17.134225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T18:28:53.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "NetCat CMS",
"vendor": "NetCat",
"versions": [
{
"status": "affected",
"version": "6.4.0.24126.2"
},
{
"status": "unaffected",
"version": "6.4.0.24248"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\u003cbr\u003e\u003cp\u003eThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\u003cbr\u003e\nApply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks.\nThis issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.\n\nApply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:36:20.801Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply patch from vendor \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netcat.ru/]\"\u003ehttps://netcat.ru/\u003c/a\u003e. Versions 6.4.0.24248 and on have the patch. \u003cbr\u003e"
}
],
"value": "Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netcat CMS: user enumeration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2024-8651",
"datePublished": "2024-09-19T16:30:10.685Z",
"dateReserved": "2024-09-10T12:27:44.134Z",
"dateUpdated": "2024-09-19T18:28:53.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}