cve-2024-29644
Vulnerability from cvelistv5
Published
2024-03-26 00:00
Modified
2025-03-24 15:50
Severity ?
EPSS score ?
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://dcat-admin.com | Product | |
| cve@mitre.org | https://github.com/jqhph/dcat-admin | Product | |
| cve@mitre.org | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://dcat-admin.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://dcat-admin.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jqhph/dcat-admin"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29644",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:24:36.777009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:50:03.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T11:58:56.290Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dcat-admin.com"
},
{
"url": "https://github.com/jqhph/dcat-admin"
},
{
"url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29644",
"datePublished": "2024-03-26T00:00:00.000Z",
"dateReserved": "2024-03-19T00:00:00.000Z",
"dateUpdated": "2025-03-24T15:50:03.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-29644\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-03-26T12:15:50.353\",\"lastModified\":\"2025-04-30T16:48:15.930\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de cross-site scripting en dcat-admin v.2.1.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el cuadro de inicio de sesi\u00f3n del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.9\",\"matchCriteriaId\":\"7F4217AF-E0B6-4A5C-8BAF-F86C9B11F558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F5B3A0-A4BC-4E5E-839D-8617411531E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"770BB49B-4092-4731-AA54-FBE69BD328CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C20ADEC-2D34-4504-A2A5-04291CF58FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D1580C7-2CE9-4C50-887F-24B4F2E60DE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C85600D-5624-4E2C-B549-C54590F7602F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.5:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"618420AD-26D9-4EFF-B1A0-908E34CF60C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.6:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31F81F7-9712-4A85-A12A-98F545CDB3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.7:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"95C94A3D-EBFA-4B3C-ACCA-03E4FB13BC0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.8:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"93467373-3E14-4D30-A672-2C51ABA91CDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.9:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"7912F297-97FC-4897-B3BE-8B70C683A709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.10:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F2CD0C-2AFD-4611-A93B-C56D9805FE3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.11:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7197805-2B42-46DD-A123-6CEA6F34E4BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.12:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE87FED3-7A9C-404A-A80A-856BE66AF4AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.13:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACBFB1-0647-489B-881E-521FD698D459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.14:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D3AF413-853D-4EB4-BE5A-F9A2564FD98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.15:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F2DCA57-4823-4D4D-94C3-F90F377C32FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.16:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB04F8BA-9B0A-4254-9DA4-E005FE60DCF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.17:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDC8077-A2F3-4818-BB63-0B5D147A6324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.18:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C745F249-CABC-4305-A783-F24869016783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.19:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0CD5762-DAB9-4105-A6C0-1A55047E62D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.20:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"397F7A7C-BA39-47D1-A119-F05E6A9749E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.21:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A8D328-2107-4A62-9760-7CB2154460E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.22:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FC95D17-7ED8-4C96-8174-0C3FB8D262D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.23:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"43317B4C-5D37-4137-8506-550C0E1EB9D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.0.24:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"232E98CA-CD74-4031-B9CC-BD0B6F3696FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"21B35977-D1A2-486D-BE07-8D94D4BD8FCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.1.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F183CA-2110-4263-A4E5-A8630B614B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.1.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"309A1CED-2697-42D4-AF85-999B90FDBFEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA07899B-5D17-4D06-8BFC-A8B19F70B994\"}]}]}],\"references\":[{\"url\":\"http://dcat-admin.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/jqhph/dcat-admin\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://dcat-admin.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/jqhph/dcat-admin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.