{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9856","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-10-11T06:35:16.905Z","datePublished":"2024-10-11T12:31:06.506Z","dateUpdated":"2024-10-11T14:13:23.820Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-10-11T12:31:06.506Z"},"title":"07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]}],"affected":[{"vendor":"n/a","product":"07FLYCMS","versions":[{"version":"1.3.8","status":"affected"}],"modules":["System Settings Page"]},{"vendor":"n/a","product":"07FLY-CMS","versions":[{"version":"1.3.8","status":"affected"}],"modules":["System Settings Page"]},{"vendor":"n/a","product":"07FlyCRM","versions":[{"version":"1.3.8","status":"affected"}],"modules":["System Settings Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente System Settings Page. Durch die Manipulation des Arguments Login Interface Copyright mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-10-11T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-10-11T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-10-11T08:40:40.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"chenzijie0619 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.280052","name":"VDB-280052 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.280052","name":"VDB-280052 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.419223","name":"Submit #419223 | 零起飞 07FlyCms 1.3.8 XSS","tags":["third-party-advisory"]},{"url":"https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"07fly","product":"07fly-cms","cpes":["cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.3.8","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-11T14:07:41.807371Z","id":"CVE-2024-9856","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-11T14:13:23.820Z"}}]}}