FKIE_CVE-2024-29644
Vulnerability from fkie_nvd - Published: 2024-03-26 12:15 - Updated: 2025-04-30 16:48
Severity ?
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://dcat-admin.com | Product | |
| cve@mitre.org | https://github.com/jqhph/dcat-admin | Product | |
| cve@mitre.org | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://dcat-admin.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcatadmin | dcat_admin | * | |
| dcatadmin | dcat_admin | 2.0.0 | |
| dcatadmin | dcat_admin | 2.0.1 | |
| dcatadmin | dcat_admin | 2.0.2 | |
| dcatadmin | dcat_admin | 2.0.3 | |
| dcatadmin | dcat_admin | 2.0.4 | |
| dcatadmin | dcat_admin | 2.0.5 | |
| dcatadmin | dcat_admin | 2.0.6 | |
| dcatadmin | dcat_admin | 2.0.7 | |
| dcatadmin | dcat_admin | 2.0.8 | |
| dcatadmin | dcat_admin | 2.0.9 | |
| dcatadmin | dcat_admin | 2.0.10 | |
| dcatadmin | dcat_admin | 2.0.11 | |
| dcatadmin | dcat_admin | 2.0.12 | |
| dcatadmin | dcat_admin | 2.0.13 | |
| dcatadmin | dcat_admin | 2.0.14 | |
| dcatadmin | dcat_admin | 2.0.15 | |
| dcatadmin | dcat_admin | 2.0.16 | |
| dcatadmin | dcat_admin | 2.0.17 | |
| dcatadmin | dcat_admin | 2.0.18 | |
| dcatadmin | dcat_admin | 2.0.19 | |
| dcatadmin | dcat_admin | 2.0.20 | |
| dcatadmin | dcat_admin | 2.0.21 | |
| dcatadmin | dcat_admin | 2.0.22 | |
| dcatadmin | dcat_admin | 2.0.23 | |
| dcatadmin | dcat_admin | 2.0.24 | |
| dcatadmin | dcat_admin | 2.1.0 | |
| dcatadmin | dcat_admin | 2.1.1 | |
| dcatadmin | dcat_admin | 2.1.2 | |
| dcatadmin | dcat_admin | 2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4217AF-E0B6-4A5C-8BAF-F86C9B11F558",
"versionEndIncluding": "1.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "25F5B3A0-A4BC-4E5E-839D-8617411531E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "770BB49B-4092-4731-AA54-FBE69BD328CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "9C20ADEC-2D34-4504-A2A5-04291CF58FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "4D1580C7-2CE9-4C50-887F-24B4F2E60DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "6C85600D-5624-4E2C-B549-C54590F7602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "618420AD-26D9-4EFF-B1A0-908E34CF60C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "D31F81F7-9712-4A85-A12A-98F545CDB3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "95C94A3D-EBFA-4B3C-ACCA-03E4FB13BC0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "93467373-3E14-4D30-A672-2C51ABA91CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "7912F297-97FC-4897-B3BE-8B70C683A709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.10:beta:*:*:*:*:*:*",
"matchCriteriaId": "52F2CD0C-2AFD-4611-A93B-C56D9805FE3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.11:beta:*:*:*:*:*:*",
"matchCriteriaId": "B7197805-2B42-46DD-A123-6CEA6F34E4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.12:beta:*:*:*:*:*:*",
"matchCriteriaId": "BE87FED3-7A9C-404A-A80A-856BE66AF4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "CAACBFB1-0647-489B-881E-521FD698D459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "3D3AF413-853D-4EB4-BE5A-F9A2564FD98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.15:beta:*:*:*:*:*:*",
"matchCriteriaId": "7F2DCA57-4823-4D4D-94C3-F90F377C32FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.16:beta:*:*:*:*:*:*",
"matchCriteriaId": "BB04F8BA-9B0A-4254-9DA4-E005FE60DCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.17:beta:*:*:*:*:*:*",
"matchCriteriaId": "CEDC8077-A2F3-4818-BB63-0B5D147A6324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.18:beta:*:*:*:*:*:*",
"matchCriteriaId": "C745F249-CABC-4305-A783-F24869016783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.19:beta:*:*:*:*:*:*",
"matchCriteriaId": "C0CD5762-DAB9-4105-A6C0-1A55047E62D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.20:beta:*:*:*:*:*:*",
"matchCriteriaId": "397F7A7C-BA39-47D1-A119-F05E6A9749E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.21:beta:*:*:*:*:*:*",
"matchCriteriaId": "41A8D328-2107-4A62-9760-7CB2154460E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.22:beta:*:*:*:*:*:*",
"matchCriteriaId": "4FC95D17-7ED8-4C96-8174-0C3FB8D262D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.23:beta:*:*:*:*:*:*",
"matchCriteriaId": "43317B4C-5D37-4137-8506-550C0E1EB9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.24:beta:*:*:*:*:*:*",
"matchCriteriaId": "232E98CA-CD74-4031-B9CC-BD0B6F3696FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "21B35977-D1A2-486D-BE07-8D94D4BD8FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "E2F183CA-2110-4263-A4E5-A8630B614B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "309A1CED-2697-42D4-AF85-999B90FDBFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en dcat-admin v.2.1.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el cuadro de inicio de sesi\u00f3n del usuario."
}
],
"id": "CVE-2024-29644",
"lastModified": "2025-04-30T16:48:15.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-26T12:15:50.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dcat-admin.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://dcat-admin.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…