Cross-site scripting vulnerability for Sandboxels 1.9 - 1.9.5 (Q3408): Difference between revisions

@@ label / es / label / es @@
+CVE-2024-39828
@@ aliases / en / 0 / aliases / en / 0 @@
+CVE-2024-39828
@@ aliases / en / 1 / aliases / en / 1 @@
+GHSA-837w-cqm8-gx58
@@ description / es / description / es @@
+R74n Sandboxels 1.9 a 1.9.5 permite XSS a través de un mensaje en un archivo de juego guardado modificado.
@@ Property / instance of @@
+vulnerability
@@ Property / instance of: vulnerability / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9
@@ Property / part of: Sandboxels 1.9 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.1
@@ Property / part of: Sandboxels 1.9.1 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.2
@@ Property / part of: Sandboxels 1.9.2 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.3
@@ Property / part of: Sandboxels 1.9.3 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.4
@@ Property / part of: Sandboxels 1.9.4 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.4.1
@@ Property / part of: Sandboxels 1.9.4.1 / rank @@
+Normal rank
@@ Property / part of @@
+Sandboxels 1.9.5
@@ Property / part of: Sandboxels 1.9.5 / rank @@
+Normal rank
@@ Property / start date @@
+October 2023Timestamp +2023-10-13T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2023-10-13T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / start date: 13 October 2023 / rank @@
+Normal rank
@@ Property / date of discovery @@
+June 2024Timestamp +2024-06-25T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-25T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / date of discovery: 25 June 2024 / rank @@
+Normal rank
@@ Property / about page URL @@
+https://github.com/ggod2/sandboxels_xss_test/tree/main/README.md
+Normal rank
@@ Property / about page URL @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828
+Normal rank
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / about page URL @@
+https://www.cve.org/CVERecord?id=CVE-2024-39828
+Normal rank
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
+creator string: MITRE Corporation
@@ Property / source code repo URL @@
+https://github.com/ggod2/sandboxels_xss_test
+Normal rank
@@ Property / idea by @@
+ggod
@@ Property / idea by: ggod / rank @@
+Normal rank
@@ Property / uses @@
+<pixel>.clone
@@ Property / uses: <pixel>.clone / rank @@
+Normal rank
@@ Property / uses @@
+Sandboxels save
@@ Property / uses: Sandboxels save / rank @@
+Normal rank
@@ Property / uses @@
+.SBXLS
@@ Property / uses: .SBXLS / rank @@
+Normal rank
@@ Property / uses @@
+Prop
@@ Property / uses: Prop / rank @@
+Normal rank
@@ Property / announced in @@
+R74n Discord server
@@ Property / announced in: R74n Discord server / rank @@
+Normal rank
@@ Property / CVE Identifier @@
+CVE-2024-39828
@@ Property / CVE Identifier: CVE-2024-39828 / rank @@
+Normal rank
@@ Property / CVE Identifier: CVE-2024-39828 / qualifier @@
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / end date @@
+June 2024Timestamp +2024-06-29T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-29T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / end date: 29 June 2024 / rank @@
+Normal rank
@@ Property / exact match @@
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828
+Normal rank
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / exact match @@
+https://nvd.nist.gov/vuln/detail/CVE-2024-39828
@@ Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / rank @@
+Normal rank
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
+quotation: ADP:  CISA-ADP (English)
+quotation: Base Score: 6.1 MEDIUM (English)
+quotation: Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
+URL: https://nvd.nist.gov/vuln/search/results?query=xss&startIndex=20
@@ Property / exact match @@
+https://www.cve.org/CVERecord?id=CVE-2024-39828
@@ Property / exact match: https://www.cve.org/CVERecord?id=CVE-2024-39828 / rank @@
+Normal rank
+start date: 28 June 2024Timestamp +2024-06-28T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-28T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / exact match @@
+https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-39828
+Normal rank
+URL: https://vulmon.com/searchpage?page=1&q=Cisco%20Nx-os%204.0%5C%5C(1a%5C%5C)n2%5C%5C(1%5C%5C)&sortby=bydate&scoretype=cvssv2
+URL: https://vulmon.com/searchpage?page=1&q=Cisco%20Unified%20Communications%20Manager%20Im%20%5C%5C&%20Presence%20Service%2010.5%5C%5C(2%5C%5C)&sortby=bydate
@@ Property / exact match @@
+https://cvefeed.io/vuln/detail/CVE-2024-39828
@@ Property / exact match: https://cvefeed.io/vuln/detail/CVE-2024-39828 / rank @@
+Normal rank
@@ Property / exact match @@
+https://cveawg.mitre.org/api/cve/CVE-2024-39828
@@ Property / exact match: https://cveawg.mitre.org/api/cve/CVE-2024-39828 / rank @@
+Normal rank
+file format: JSON
@@ Property / exact match @@
+https://cvefeed.io/vuln/detail/CVE-2024-39828
@@ Property / exact match: https://cvefeed.io/vuln/detail/CVE-2024-39828 / rank @@
+Normal rank
@@ Property / exact match @@
+https://github.com/advisories/GHSA-837w-cqm8-gx58
+Normal rank
+quotation: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
+start date: 29 June 2024Timestamp +2024-06-29T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-29T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / exact match @@
+https://avd.aquasec.com/nvd/2024/cve-2024-39828/
@@ Property / exact match: https://avd.aquasec.com/nvd/2024/cve-2024-39828/ / rank @@
+Normal rank
+URL: https://avd.aquasec.com/nvd/2024/
@@ Property / exact match @@
+https://vuldb.com/?id.269996
@@ Property / exact match: https://vuldb.com/?id.269996 / rank @@
+Normal rank
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+identifier: 269996
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: CVSS Meta Temp Score: 5.7 (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: VulDB Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: CNA Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: VulDB Meta Base Score: 5.8 (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: VulDB Meta Temp Score: 5.7 (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: VulDB Base Score: 5.2 (CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P) (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: VulDB Temp Score: 4.9 (CVSS2#E:ND/RL:ND/RC:UR) (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: Cache ID: 172:360:117 (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+quotation: Changes: 06/29/2024 04:50 AM (50), 06/30/2024 04:49 AM (2), 07/01/2024 11:41 PM (1), 07/12/2024 12:28 AM (11) (English)
@@ Property / exact match: https://vuldb.com/?id.269996 / qualifier @@
+start date: 29 June 2024Timestamp +2024-06-29T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-29T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / exact match @@
+https://vuldb.com/?json.269996
@@ Property / exact match: https://vuldb.com/?json.269996 / rank @@
+Normal rank
@@ Property / exact match: https://vuldb.com/?json.269996 / qualifier @@
+file format: JSON
@@ Property / exact match: https://vuldb.com/?json.269996 / qualifier @@
+identifier: 269996
@@ Property / exact match @@
+https://vulners.com/cve/CVE-2024-39828
@@ Property / exact match: https://vulners.com/cve/CVE-2024-39828 / rank @@
+Normal rank
@@ Property / exact match @@
+https://cxsecurity.com/cveshow/CVE-2024-39828/
@@ Property / exact match: https://cxsecurity.com/cveshow/CVE-2024-39828/ / rank @@
+Normal rank
@@ Property / exact match @@
+https://debricked.com/vulnerability-database/vulnerability/CVE-2024-39828
+Normal rank
@@ Property / exact match @@
+https://cyber.vumetric.com/vulns/CVE-2024-39828/
@@ Property / exact match: https://cyber.vumetric.com/vulns/CVE-2024-39828/ / rank @@
+Normal rank
@@ Property / exact match @@
+https://www.cvedetails.com/cve/CVE-2024-39828/
@@ Property / exact match: https://www.cvedetails.com/cve/CVE-2024-39828/ / rank @@
+Normal rank
+URL: https://www.cvedetails.com/vulnerability-list/year-2024/month-6/June.html
@@ Property / exact match @@
+https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2024-39828
+Normal rank
@@ Property / exact match @@
+https://www.opencve.io/cve/CVE-2024-39828
@@ Property / exact match: https://www.opencve.io/cve/CVE-2024-39828 / rank @@
+Normal rank
@@ Property / exact match: https://www.opencve.io/cve/CVE-2024-39828 / reference @@
+URL: https://www.opencve.io/cve?cwe=CWE-79&cvss=&search=sandboxels
@@ Property / exact match @@
+https://exchange.xforce.ibmcloud.com/vulnerabilities/296041
+Normal rank
+identifier: 296041
@@ Property / exact match @@
+https://avd.aliyun.com/detail?id=AVD-2024-39828
@@ Property / exact match: https://avd.aliyun.com/detail?id=AVD-2024-39828 / rank @@
+Normal rank
+identifier: AVD-2024-39828
+start date: 29 June 2024Timestamp +2024-06-29T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-29T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / exact match @@
+https://ioc.one/auth/attribute/dea2c192-674c-4b40-a159-db5df8524bfc
+Normal rank
+identifier: dea2c192-674c-4b40-a159-db5df8524bfc
@@ Property / exact match @@
+https://www.secualive.jp/en/feed/nvd/vulnerability/detailinfo/CVE-2024-39828/
+Normal rank
+URL: https://www.secualive.jp/en/feed/vulnerability/?search_display_number=10&page_jvn=18&page_nvd=236
+URL: https://secualive.jp/en/feed/vulnerability/?search_display_number=10&page_jvn=17637&page_nvd=22
@@ Property / exact match @@
+https://www.vulncode-db.com/CVE-2024-39828
@@ Property / exact match: https://www.vulncode-db.com/CVE-2024-39828 / rank @@
+Normal rank
@@ Property / tweet ID @@
+1806813138836238382
@@ Property / tweet ID: 1806813138836238382 / rank @@
+Normal rank
@@ Property / tweet ID: 1806813138836238382 / qualifier @@
+creator string: CVEnew
@@ Property / tweet ID @@
+1806849098546348398
@@ Property / tweet ID: 1806849098546348398 / rank @@
+Normal rank
@@ Property / tweet ID: 1806849098546348398 / qualifier @@
+creator string: VulmonFeeds
@@ Property / GHSA ID @@
+GHSA-837w-cqm8-gx58
@@ Property / GHSA ID: GHSA-837w-cqm8-gx58 / rank @@
+Normal rank
@@ Property / GHSA ID: GHSA-837w-cqm8-gx58 / qualifier @@
+start date: 29 June 2024Timestamp +2024-06-29T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-06-29T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After
@@ Property / mentioned at URL @@
+https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+automatic+update%22&o=newest&f=1
+Normal rank
+quotation: +   TODO: check   +CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)
@@ Property / mentioned at URL @@
+https://www.cisa.gov/news-events/bulletins/sb24-183
+Normal rank
@@ Property / mentioned at URL @@
+https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+Process+some+NFUs%22&o=newest&f=1
+Normal rank
+quotation: +   NOT-FOR-US: R74n Sandboxels    CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)
@@ Property / mentioned at URL @@
+https://t.me/cveNotify/84855
@@ Property / mentioned at URL: https://t.me/cveNotify/84855 / rank @@
+Normal rank
@@ Property / mentioned at URL: https://t.me/cveNotify/84855 / reference @@
+URL: https://en.tgchannels.org/channel/cvenotify/84855
@@ Property / mentioned at URL @@
+https://raw.githubusercontent.com/trickest/cve/main/2024/CVE-2024-39828.md
+Normal rank
+source code repo URL: https://github.com/trickest/cve/tree/main/2024/CVE-2024-39828.md
@@ Property / Multiplane planecode @@
+R13300
@@ Property / Multiplane planecode: R13300 / rank @@
+Normal rank
@@ Property / Multiplane planecode: R13300 / qualifier @@
+start date: 19 July 2024Timestamp +2024-07-19T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-07-19T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After