{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9856", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-11T06:35:16.905Z", "datePublished": "2024-10-11T12:31:06.506Z", "dateUpdated": "2024-10-11T14:13:23.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-11T12:31:06.506Z"}, "title": "07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}], "affected": [{"vendor": "n/a", "product": "07FLYCMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}, {"vendor": "n/a", "product": "07FLY-CMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}, {"vendor": "n/a", "product": "07FlyCRM", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente System Settings Page. Durch die Manipulation des Arguments Login Interface Copyright mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-10-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-11T08:40:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "chenzijie0619 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.280052", "name": "VDB-280052 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280052", "name": "VDB-280052 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.419223", "name": "Submit #419223 | \u96f6\u8d77\u98de 07FlyCms 1.3.8 XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "07fly", "product": "07fly-cms", "cpes": ["cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.3.8", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T14:07:41.807371Z", "id": "CVE-2024-9856", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T14:13:23.820Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9856", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-11T06:35:16.905Z", "datePublished": "2024-10-11T12:31:06.506Z", "dateUpdated": "2024-10-11T14:13:23.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-11T12:31:06.506Z"}, "title": "07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}], "affected": [{"vendor": "n/a", "product": "07FLYCMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}, {"vendor": "n/a", "product": "07FLY-CMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}, {"vendor": "n/a", "product": "07FlyCRM", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["System Settings Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente System Settings Page. Durch die Manipulation des Arguments Login Interface Copyright mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-10-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-11T08:40:40.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "chenzijie0619 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.280052", "name": "VDB-280052 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280052", "name": "VDB-280052 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.419223", "name": "Submit #419223 | \u96f6\u8d77\u98de 07FlyCms 1.3.8 XSS", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9856", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T14:07:41.807371Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"], "vendor": "07fly", "product": "07fly-cms", "versions": [{"status": "affected", "version": "1.3.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T14:13:15.312Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en 07FLYCMS, 07FLY-CMS y 07FlyCRM 1.3.8. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del componente System Settings Page. La manipulaci\u00f3n del argumento Login Interface Copyright provoca cross-site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El producto afectado se conoce con diferentes nombres, como 07FLYCMS, 07FLY-CMS y 07FlyCRM. No fue posible ponerse en contacto con el proveedor antes de asignar un CVE debido a que la direcci\u00f3n de correo electr\u00f3nico no funcionaba."}], "id": "CVE-2024-9856", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-11T13:15:21.883", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-2.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.280052"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.280052"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.419223"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}