CVE-2024-3138
published 2024-04-01CVE-2024-3138: ** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of…
PriorityP416low3.5CVSS 3.1
AVNACLPRLUIRSUCNILAN
EPSS
0.47%
37.2th percentile
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | rosariosis | — | — |
| francoisjacquet | rosariosis | 0 – 11.5.1 | — |
CVSS provenance
nvdv3.13.5LOWCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
RosarioSIS cross site scripting vulnerability
ghsa·2024-04-02
CVE-2024-3138 [LOW] CWE-79 RosarioSIS cross site scripting vulnerability
RosarioSIS cross site scripting vulnerability
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.
OSV
RosarioSIS cross site scripting vulnerability
osv·2024-04-02
CVE-2024-3138 [LOW] RosarioSIS cross site scripting vulnerability
RosarioSIS cross site scripting vulnerability
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-52580 kernel: net/core: kernel crash in ETH_P_1588 flow dissector
bugzilla·2024-03-04·CVSS 5.5
CVE-2023-52580 [MEDIUM] CVE-2023-52580 kernel: net/core: kernel crash in ETH_P_1588 flow dissector
CVE-2023-52580 kernel: net/core: kernel crash in ETH_P_1588 flow dissector
In the Linux kernel, the following vulnerability has been resolved:
net/core: Fix ETH_P_1588 flow dissector
The Linux kernel CVE team has assigned CVE-2023-52580 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:3138 ht
Bugzilla
CVE-2021-3753 kernel: a race out-of-bound read in vt
bugzilla·2021-08-31·CVSS 4.7
CVE-2021-3753 [MEDIUM] CVE-2021-3753 kernel: a race out-of-bound read in vt
CVE-2021-3753 kernel: a race out-of-bound read in vt
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References:
https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7
https://www.openwall.com/lists/oss-security/2021/09/01/4
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:3138 https://access.redhat.com/err
https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410ahttps://vuldb.com/?ctiid.258911https://vuldb.com/?id.258911https://vuldb.com/?submit.307450https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410ahttps://vuldb.com/?ctiid.258911https://vuldb.com/?id.258911https://vuldb.com/?submit.307450
2024-04-01
Published