Cross Site Scripting (XSS) in Raspcontrol

Posted date 04/09/2024
Importance
3 - Medium
Affected Resources

RaspControl 1.0.

Description

INCIBE has coordinated the publication of 1 medium severity vulnerability affecting RaspControl 1.0, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-8413: 5.4 | CVSS v3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.

Solution

There is no reported solution at this time. 

Detail

CVE-2024-8413: Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details.
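
With no fix reported, operators of an affected install can review web server access logs for requests to index.php whose action parameter carries anything other than a plain token. The following is an added example, not code from the advisory or from the Raspcontrol project; the combined log format, the token pattern for legitimate action values and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate "action" values are short plain tokens.
# Adjust the pattern to the values your deployment really uses.
SAFE_ACTION = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_actions(url):
    """Return action values sent to index.php that are not plain tokens."""
    parts = urlsplit(url)
    if not parts.path.endswith("index.php"):
        return []
    hits = []
    for value in parse_qs(parts.query).get("action", []):
        # parse_qs decodes once; decode again to catch double-encoded markup.
        decoded = unquote(value)
        if not SAFE_ACTION.fullmatch(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Return (line_number, value) for each flagged request in an access log."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            for value in suspicious_actions(match.group(1)):
                findings.append((number, value))
    return findings


# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Sep/2024:10:00:00 +0000] "GET /index.php?action=login HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Sep/2024:10:00:05 +0000] "GET /index.php?action=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [04/Sep/2024:10:00:09 +0000] "GET /index.php?action=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [04/Sep/2024:10:00:12 +0000] "GET /other.php?action=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected action value {value!r}")
```

Access logs record only the query string, so a value submitted in a POST body is not covered by this check.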