CVE-2024-9856 (GCVE-0-2024-9856)

Vulnerability from cvelistv5 – Published: 2024-10-11 12:31 – Updated: 2024-10-11 14:13
VLAI?
Title
07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting
Summary
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.
Severity ?
5.1 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2.4 (Low)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low)
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
n/a 07FLYCMS Affected: 1.3.8
    n/a 07FLY-CMS Affected: 1.3.8
    n/a 07FlyCRM Affected: 1.3.8
Credits
chenzijie0619 (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "07fly-cms",
            "vendor": "07fly",
            "versions": [
              {
                "status": "affected",
                "version": "1.3.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9856",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:07:41.807371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T14:13:23.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "System Settings Page"
          ],
          "product": "07FLYCMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.8"
            }
          ]
        },
        {
          "modules": [
            "System Settings Page"
          ],
          "product": "07FLY-CMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.8"
            }
          ]
        },
        {
          "modules": [
            "System Settings Page"
          ],
          "product": "07FlyCRM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "chenzijie0619 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente System Settings Page. Durch die Manipulation des Arguments Login Interface Copyright mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T12:31:06.506Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-280052 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.280052"
        },
        {
          "name": "VDB-280052 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.280052"
        },
        {
          "name": "Submit #419223 | \u96f6\u8d77\u98de 07FlyCms 1.3.8 XSS",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.419223"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-11T08:40:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9856",
    "datePublished": "2024-10-11T12:31:06.506Z",
    "dateReserved": "2024-10-11T06:35:16.905Z",
    "dateUpdated": "2024-10-11T14:13:23.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad en 07FLYCMS, 07FLY-CMS y 07FlyCRM 1.3.8. Se ha calificado como problem\\u00e1tica. Este problema afecta a algunas funciones desconocidas del componente System Settings Page. La manipulaci\\u00f3n del argumento Login Interface Copyright provoca cross-site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\\u00fablico y puede utilizarse. El producto afectado se conoce con diferentes nombres, como 07FLYCMS, 07FLY-CMS y 07FlyCRM. No fue posible ponerse en contacto con el proveedor antes de asignar un CVE debido a que la direcci\\u00f3n de correo electr\\u00f3nico no funcionaba.\"}]",
      "id": "CVE-2024-9856",
      "lastModified": "2024-10-15T12:58:51.050",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 2.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:M/C:N/I:P/A:N\", \"baseScore\": 3.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"MULTIPLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2024-10-11T13:15:21.883",
      "references": "[{\"url\": \"https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.280052\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?id.280052\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?submit.419223\", \"source\": \"cna@vuldb.com\"}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9856\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-10-11T13:15:21.883\",\"lastModified\":\"2025-07-30T15:42:24.360\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en 07FLYCMS, 07FLY-CMS y 07FlyCRM 1.3.8. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del componente System Settings Page. La manipulaci\u00f3n del argumento Login Interface Copyright provoca cross-site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El producto afectado se conoce con diferentes nombres, como 07FLYCMS, 07FLY-CMS y 07FlyCRM. No fue posible ponerse en contacto con el proveedor antes de asignar un CVE debido a que la direcci\u00f3n de correo electr\u00f3nico no funcionaba.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:N/I:P/A:N\",\"baseScore\":3.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:07fly:07flycms:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAF14397-080B-4E60-8402-B128B0F46F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:07fly:customer_relationship_management:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23DA6053-A18B-431D-B962-EFA01DE855D5\"}]}]}],\"references\":[{\"url\":\"https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.280052\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.280052\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.419223\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2024-10-11T12:31:06.506Z\"}, \"title\": \"07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting\", \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"cweId\": \"CWE-79\", \"lang\": \"en\", \"description\": \"Cross Site Scripting\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"07FLYCMS\", \"versions\": [{\"version\": \"1.3.8\", \"status\": \"affected\"}], \"modules\": [\"System Settings Page\"]}, {\"vendor\": \"n/a\", \"product\": \"07FLY-CMS\", \"versions\": [{\"version\": \"1.3.8\", \"status\": \"affected\"}], \"modules\": [\"System Settings Page\"]}, {\"vendor\": \"n/a\", \"product\": \"07FlyCRM\", \"versions\": [{\"version\": \"1.3.8\", \"status\": \"affected\"}], \"modules\": [\"System Settings Page\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.\"}, {\"lang\": \"de\", \"value\": \"Eine problematische Schwachstelle wurde in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente System Settings Page. Durch die Manipulation des Arguments Login Interface Copyright mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk passieren. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"baseSeverity\": \"MEDIUM\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.4, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N\", \"baseSeverity\": \"LOW\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 2.4, \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N\", \"baseSeverity\": \"LOW\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 3.3, \"vectorString\": \"AV:N/AC:L/Au:M/C:N/I:P/A:N\"}}], \"timeline\": [{\"time\": \"2024-10-11T00:00:00.000Z\", \"lang\": \"en\", \"value\": \"Advisory disclosed\"}, {\"time\": \"2024-10-11T02:00:00.000Z\", \"lang\": \"en\", \"value\": \"VulDB entry created\"}, {\"time\": \"2024-10-11T08:40:40.000Z\", \"lang\": \"en\", \"value\": \"VulDB entry last update\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"chenzijie0619 (VulDB User)\", \"type\": \"reporter\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.280052\", \"name\": \"VDB-280052 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.280052\", \"name\": \"VDB-280052 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.419223\", \"name\": \"Submit #419223 | \\u96f6\\u8d77\\u98de 07FlyCms 1.3.8 XSS\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md\", \"tags\": [\"exploit\"]}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9856\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T14:07:41.807371Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*\"], \"vendor\": \"07fly\", \"product\": \"07fly-cms\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.3.8\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T14:13:15.312Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9856\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"VulDB\", \"dateReserved\": \"2024-10-11T06:35:16.905Z\", \"datePublished\": \"2024-10-11T12:31:06.506Z\", \"dateUpdated\": \"2024-10-11T14:13:23.820Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.