CVE-2024-5383

lakernote EasyAdmin upload cross site scripting

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

26 May 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

lakernote · EasyAdmin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitee.com/lakernote/easy-admin/commit/9c8a836ace17a93c45e5ad52a2340788b7795030 https://gitee.com/lakernote/easy-admin/issues/I9B58I https://vuldb.com/?ctiid.266301 https://vuldb.com/?id.266301