CVE-2024-9007 MEDIUM

CVE-2024-9007: jeanmarc77 123solar detailed.php cross site scripting

Vendor Jeanmarc77

Product 123solar

Weakness CWE-79 · XSS

Published September 19, 2024

Last update September 20, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 94bf9ab7ad0ccb7fbdc02f172f37f0e2ea08d48f. It is recommended to apply a patch to fix this issue.

Key dates

02Disclosure timeline

September 19, 2024 CVE published

September 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9007 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2024-9007: jeanmarc77 123solar detailed.php cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE