CVE-2024-42852
Published 2024-08-23
CVE-2024-42852: Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.
Priority: P278 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Flags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.73% (49.7th percentile)
Detection & IOCs (extracted from sources)
- Detect CVE-2024-42852 exploitation by looking for HTTP GET requests to index.php (or the root path) containing the 'portgw' parameter with unsanitized, script-injected values (e.g., semicolons followed by a JavaScript payload).
- In the HTTP response body, look for the string '80089948; alert(document.domain);' AND 'WT_GW_PORT' together as indicators of a successful XSS reflection in AcuToWeb.
- Use the FOFA/Shodan queries 'title="AcuToWeb"' or 'title:"AcuToWeb"' to identify exposed AcuToWeb instances for proactive scanning.
- Flag HTTP 200 responses with content-type 'text/html' from AcuToWeb servers that reflect the user-supplied 'portgw' parameter value verbatim in the response body.
- The vulnerability is specific to AcuToWeb version 10.5.0.7577c8b (CPE: cpe:2.3:a:opentext:acutoweb:10.5.0.7577c8b). Detection rules should be scoped to this version to avoid false positives on patched instances.
- This is a reflected XSS (not stored), requiring user interaction (UI:R) to trigger. Network-level detection should focus on the request/response pair, not just the inbound request alone.
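The request/response logic the bullets above describe, written out as an added example (not code from any of the page's sources, and not the Nuclei template): a request is only an attempt until the response shows the same value echoed verbatim in a 200 text/html body next to the WT_GW_PORT marker. It goes slightly beyond the bullets by treating any non-numeric portgw value as injected, on the assumption that the parameter carries a gateway port number; that assumption, the record layout (one dict per request/response pair) and the sample traffic are this example's own and are constructed, not captured from a real host.

```python
"""Detection logic for CVE-2024-42852 (reflected XSS through the AcuToWeb
'portgw' parameter), run over constructed request/response pairs.

Verdicts per pair:
  benign     portgw absent, or a plausible port number
  probe      injected portgw value sent, but not echoed verbatim (filtered or patched)
  reflected  injected value echoed verbatim in a 200 text/html body that also
             carries the WT_GW_PORT marker: the successful-exploitation indicator
"""
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: a legitimate portgw value is a TCP port number, so anything that
# is not 1-5 digits is treated as injected.  This is broader than the
# "semicolon followed by JavaScript" heuristic and also catches encoded payloads.
PORT_RE = re.compile(r"^\d{1,5}$")

# AcuToWeb emits the gateway port into a JavaScript variable with this name;
# its presence next to the reflected value distinguishes AcuToWeb from any
# other page that happens to echo a query parameter.
MARKER = "WT_GW_PORT"


def query_params(query):
    """Parse a raw query string into {name: [values]} without splitting on ';',
    which older urllib versions treat as a separator and would cut the payload."""
    params = {}
    for item in query.split("&"):
        if not item:
            continue
        name, _, value = item.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def portgw_values(request_line):
    """Decoded 'portgw' values from a GET to index.php or the root path; [] otherwise."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return []
    url = urlsplit(parts[1])
    if url.path not in ("/", "/index.php"):
        return []
    return query_params(url.query).get("portgw", [])


def classify(pair):
    """Classify one request/response pair (a dict; the layout is this example's own)."""
    injected = [v for v in portgw_values(pair["request_line"]) if not PORT_RE.match(v)]
    if not injected:
        return "benign"
    content_type = pair["headers"].get("content-type", "").lower()
    body = pair["body"]
    reflected = (
        pair["status"] == 200
        and content_type.startswith("text/html")
        and MARKER in body
        and any(v in body for v in injected)
    )
    return "reflected" if reflected else "probe"


def scan(pairs):
    """Map each pair's id to its verdict."""
    return {p["id"]: classify(p) for p in pairs}


# Constructed traffic, not captured from a real host.  r2 mirrors the payload
# the page lists ('80089948; alert(document.domain);' next to WT_GW_PORT).
SAMPLE_TRAFFIC = [
    {"id": "r1", "request_line": "GET /index.php?portgw=8008 HTTP/1.1",
     "status": 200, "headers": {"content-type": "text/html; charset=utf-8"},
     "body": "<script>var WT_GW_PORT = 8008;</script>"},
    {"id": "r2", "request_line": "GET /index.php?portgw=80089948;%20alert(document.domain); HTTP/1.1",
     "status": 200, "headers": {"content-type": "text/html"},
     "body": "<script>var WT_GW_PORT = 80089948; alert(document.domain);</script>"},
    # same payload against a host that strips the junk: an attempt, not a success
    {"id": "r3", "request_line": "GET /?portgw=80089948;%20alert(document.domain); HTTP/1.1",
     "status": 200, "headers": {"content-type": "text/html"},
     "body": "<script>var WT_GW_PORT = 80089948;</script>"},
    {"id": "r4", "request_line": "POST /index.php HTTP/1.1",
     "status": 200, "headers": {"content-type": "text/html"}, "body": "<html></html>"},
]

if __name__ == "__main__":
    for rid, verdict in scan(SAMPLE_TRAFFIC).items():
        print(rid, verdict)
```

A "probe" verdict is still worth alerting on as reconnaissance, but only "reflected" pairs satisfy the response-side indicators the sources give, which is the distinction the last bullet above asks for.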
CVSS provenance
NVD (v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 6.1 MEDIUM
GHSA
GHSA-44mp-qrwc-xm4x: Cross Site Scripting vulnerability in AcuToWeb server v
ghsa_unreviewed · 2024-08-23 · CVE-2024-42852 [MEDIUM] · CWE-79
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.
VulnCheck
Micro Focus acutoweb Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2024 · CVE-2024-42852 [MEDIUM] · CVSS 6.1
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.
Affected: Micro Focus acutoweb
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-42852
No detection rules found.
Nuclei
AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting
nuclei · CVE-2024-42852 [MEDIUM] · CVSS 6.1
AcuToWeb server/10.5.0.7577c8b is vulnerable to reflected cross-site scripting (XSS) via the portgw parameter. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
Template:
id: CVE-2024-42852

info:
  name: AcuToWeb server/10.5.0.7577c8b - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    AcuToWeb server/10.5.0.7577c8b is vulnerable to reflected cross-site scripting (XSS) via the portgw parameter. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution.
  impact: |
    Successful exploitation of this XSS vulnerability allows attackers to execute arbitrary JavaScript code in victims' browsers, potentially leading to session hijacking, creden
No writeups or analysis indexed.
Timeline
2024-08-23: Published
Exploited in the wild