CVE-2024-33209

{"id": "CVE-2024-33209", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-10-02T16:15:10.300", "references": [{"url": "https://github.com/paragbagul111/CVE-2024-33209", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the \"Add New Entry\" section, which allows them to execute arbitrary code in the context of a victim's web browser."}, {"lang": "es", "value": "FlatPress v1.3 es vulnerable a Cross Site Scripting (XSS). Un atacante puede inyectar c\u00f3digo JavaScript malicioso en la secci\u00f3n \"Agregar nueva entrada\", lo que le permite ejecutar c\u00f3digo arbitrario en el contexto del navegador web de la v\u00edctima."}], "lastModified": "2024-10-16T13:33:21.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flatpress:flatpress:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD15C4E9-8A2B-4104-AF8A-FFB196940AAF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}