CVE-2024-25292

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:martinbarker:rendertune:1.1.4:*:*:*:*:*:*:*

History

21 Jan 2025, 18:30

Type Values Removed Values Added
References () https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292 - () https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.6
First Time Martinbarker
Martinbarker rendertune
CPE cpe:2.3:a:martinbarker:rendertune:1.1.4:*:*:*:*:*:*:*
CWE CWE-79

21 Nov 2024, 09:00

Type Values Removed Values Added
References () https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292 - () https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292 -
Summary
  • (es) Vulnerabilidad de Cross-Site Scripting (XSS) en RenderTune v1.1.4 permite a atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro Cargar título.

29 Feb 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 07:15

Updated : 2025-03-27 15:15


NVD link : CVE-2024-25292

Mitre link : CVE-2024-25292

CVE.ORG link : CVE-2024-25292


JSON object : View

Products Affected

martinbarker

  • rendertune
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')