{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8783", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-09-13T13:01:40.414Z", "datePublished": "2024-09-13T18:31:06.312Z", "dateUpdated": "2024-09-16T17:45:16.384Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-13T18:31:06.312Z"}, "title": "OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}], "affected": [{"vendor": "OpenTibiaBR", "product": "MyAAC", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.8.1", "status": "affected"}, {"version": "0.8.2", "status": "affected"}, {"version": "0.8.3", "status": "affected"}, {"version": "0.8.4", "status": "affected"}, {"version": "0.8.5", "status": "affected"}, {"version": "0.8.6", "status": "affected"}, {"version": "0.8.7", "status": "affected"}, {"version": "0.8.8", "status": "affected"}, {"version": "0.8.9", "status": "affected"}, {"version": "0.8.10", "status": "affected"}, {"version": "0.8.11", "status": "affected"}, {"version": "0.8.12", "status": "affected"}, {"version": "0.8.13", "status": "affected"}, {"version": "0.8.14", "status": "affected"}, {"version": "0.8.15", "status": "affected"}, {"version": "0.8.16", "status": "affected"}], "modules": ["Post Reply Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in OpenTibiaBR MyAAC bis 0.8.16 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei system/pages/forum/new_post.php der Komponente Post Reply Handler. Durch die Manipulation des Arguments post_topic mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-09-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-09-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-09-13T15:08:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Rafael Cintra Lopes (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.277434", "name": "VDB-277434 | OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.277434", "name": "VDB-277434 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.406368", "name": "Submit #406368 | OpenTibiaBR MyAAC 0.8.16 Cross-Site Scripting (XSS) in Forum", "tags": ["third-party-advisory"]}, {"url": "https://github.com/opentibiabr/myaac/issues/121", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/opentibiabr/myaac/pull/122", "tags": ["issue-tracking"]}, {"url": "https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c", "tags": ["issue-tracking", "patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T17:45:07.863061Z", "id": "CVE-2024-8783", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T17:45:16.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8783", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T17:45:07.863061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T17:45:13.396Z"}}], "cna": {"title": "OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Rafael Cintra Lopes (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "OpenTibiaBR", "modules": ["Post Reply Handler"], "product": "MyAAC", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.8.1"}, {"status": "affected", "version": "0.8.2"}, {"status": "affected", "version": "0.8.3"}, {"status": "affected", "version": "0.8.4"}, {"status": "affected", "version": "0.8.5"}, {"status": "affected", "version": "0.8.6"}, {"status": "affected", "version": "0.8.7"}, {"status": "affected", "version": "0.8.8"}, {"status": "affected", "version": "0.8.9"}, {"status": "affected", "version": "0.8.10"}, {"status": "affected", "version": "0.8.11"}, {"status": "affected", "version": "0.8.12"}, {"status": "affected", "version": "0.8.13"}, {"status": "affected", "version": "0.8.14"}, {"status": "affected", "version": "0.8.15"}, {"status": "affected", "version": "0.8.16"}]}], "timeline": [{"lang": "en", "time": "2024-09-13T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-09-13T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-09-13T15:08:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.277434", "name": "VDB-277434 | OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.277434", "name": "VDB-277434 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.406368", "name": "Submit #406368 | OpenTibiaBR MyAAC 0.8.16 Cross-Site Scripting (XSS) in Forum", "tags": ["third-party-advisory"]}, {"url": "https://github.com/opentibiabr/myaac/issues/121", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/opentibiabr/myaac/pull/122", "tags": ["issue-tracking"]}, {"url": "https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c", "tags": ["issue-tracking", "patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in OpenTibiaBR MyAAC bis 0.8.16 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei system/pages/forum/new_post.php der Komponente Post Reply Handler. Durch die Manipulation des Arguments post_topic mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-13T18:31:06.312Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8783", "state": "PUBLISHED", "dateUpdated": "2024-09-16T17:45:16.384Z", "dateReserved": "2024-09-13T13:01:40.414Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-09-13T18:31:06.312Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentibiabr:myaac:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA7FFE60-44B1-45E5-9348-8497B55444B1", "versionEndIncluding": "0.8.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en OpenTibiaBR MyAAC hasta la versi\u00f3n 0.8.16. Se ve afectada una funci\u00f3n desconocida del archivo system/pages/forum/new_post.php del componente Post Reply Handler. La manipulaci\u00f3n del argumento post_topic provoca Cross-site Scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El parche se identifica como bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2024-8783", "lastModified": "2024-09-19T01:38:57.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-09-13T19:15:18.120", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/opentibiabr/myaac/issues/121"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/opentibiabr/myaac/pull/122"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.277434"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.277434"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.406368"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}