github - ghsa-wff2-3734-8hcr

ghsa-wff2-3734-8hcr

Vulnerability from github

Published

2024-09-07 09:30

Modified

2024-09-07 09:30

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.9 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Details

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T08:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.",
  "id": "GHSA-wff2-3734-8hcr",
  "modified": "2024-09-07T09:30:31Z",
  "published": "2024-09-07T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wavelog/wavelog/pull/744"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wavelog/wavelog/releases/tag/1.8.1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276726"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276726"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.399819"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8521

Vulnerability from cvelistv5

Published

2024-09-07 08:00

Modified

2024-09-09 13:47

Severity

6.9 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Wavelog Live QSO qso index cross site scripting

References

URL	Tags
https://vuldb.com/?id.276726	vdb-entry, technical-description
https://vuldb.com/?ctiid.276726	signature, permissions-required
https://vuldb.com/?submit.399819	third-party-advisory
https://github.com/wavelog/wavelog/pull/744	issue-tracking
https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521	exploit
https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e	patch
https://github.com/wavelog/wavelog/releases/tag/1.8.1	patch

Impacted products

Vendor	Product
n/a	Wavelog

Show details on NVD website