CVE-2024-3687
⚪ Do wiadomości
Wstrzyknięcie skryptów w bihell Dice umożliwia atak XSS zdalnie.
CVSS
3.5
EPSS
0.1%
Exploit
none
Vendor
Opis źródłowy (NVD)
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.
xss
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.1% |
| Opublikowano (NVD) | 2024-04-12 14:15:08 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-15 00:35:42 UTC |
Referencje
- https://github.com/fubxx/CVE/blob/main/DiceCMS-XSS.md (cna@vuldb.com)
- https://vuldb.com/?ctiid.260474 (cna@vuldb.com)
- https://vuldb.com/?id.260474 (cna@vuldb.com)
- https://vuldb.com/?submit.309445 (cna@vuldb.com)