Detections
Analytics

CVE-2024-8521

medium

Description

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.

References

https://vuldb.com/?submit.399819

https://vuldb.com/?id.276726

https://vuldb.com/?ctiid.276726

https://github.com/wavelog/wavelog/releases/tag/1.8.1

https://github.com/wavelog/wavelog/pull/744

https://github.com/wavelog/wavelog/commit/b31002cec6b71ab5f738881806bb546430ec692e

https://github.com/GithubUser843205/CVEs/tree/main/CVE-2024-8521

Details

Source: Mitre, NVD

Published: 2024-09-07

Updated: 2024-09-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium