Cross-site scripting vulnerability for Sandboxels 1.9 - 1.9.5 (Q3408): Difference between revisions

From R74n Wikibase
Jump to navigation Jump to search
(‎Created claim: date of discovery (P125): 25 June 2024)
(‎Changed claim: Multiplane planecode (P164): R13300)
 
(71 intermediate revisions by 2 users not shown)
label / eslabel / es
 
CVE-2024-39828
aliases / en / 0aliases / en / 0
 
CVE-2024-39828
aliases / en / 1aliases / en / 1
 
GHSA-837w-cqm8-gx58
description / esdescription / es
 
R74n Sandboxels 1.9 a 1.9.5 permite XSS a través de un mensaje en un archivo de juego guardado modificado.
Property / about page URL
 
Property / about page URL: https://github.com/ggod2/sandboxels_xss_test/tree/main/README.md / rank
 
Normal rank
Property / about page URL
 
Property / about page URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828 / rank
 
Normal rank
Property / about page URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / about page URL
 
Property / about page URL: https://www.cve.org/CVERecord?id=CVE-2024-39828 / rank
 
Normal rank
Property / about page URL: https://www.cve.org/CVERecord?id=CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / about page URL: https://www.cve.org/CVERecord?id=CVE-2024-39828 / qualifier
 
creator string: MITRE Corporation
Property / source code repo URL
 
Property / source code repo URL: https://github.com/ggod2/sandboxels_xss_test / rank
 
Normal rank
Property / idea by
 
Property / idea by: ggod / rank
 
Normal rank
Property / uses
 
Property / uses: <pixel>.clone / rank
 
Normal rank
Property / uses
 
Property / uses: Sandboxels save / rank
 
Normal rank
Property / uses
 
Property / uses: .SBXLS / rank
 
Normal rank
Property / uses
 
Property / uses: Prop / rank
 
Normal rank
Property / announced in
 
Property / announced in: R74n Discord server / rank
 
Normal rank
Property / CVE Identifier
 
CVE-2024-39828
Property / CVE Identifier: CVE-2024-39828 / rank
 
Normal rank
Property / CVE Identifier: CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / end date
 
29 June 2024
Timestamp+2024-06-29T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / end date: 29 June 2024 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match
 
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / qualifier
 
quotation: ADP: CISA-ADP (English)
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / qualifier
 
quotation: Base Score: 6.1 MEDIUM (English)
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / qualifier
 
quotation: Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
Property / exact match: https://nvd.nist.gov/vuln/detail/CVE-2024-39828 / reference
 
Property / exact match
 
Property / exact match: https://www.cve.org/CVERecord?id=CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://www.cve.org/CVERecord?id=CVE-2024-39828 / qualifier
 
start date: 28 June 2024
Timestamp+2024-06-28T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match
 
Property / exact match: https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-39828 / reference
 
Property / exact match: https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-39828 / reference
 
Property / exact match
 
Property / exact match: https://cvefeed.io/vuln/detail/CVE-2024-39828 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://cveawg.mitre.org/api/cve/CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://cveawg.mitre.org/api/cve/CVE-2024-39828 / qualifier
 
Property / exact match
 
Property / exact match: https://cvefeed.io/vuln/detail/CVE-2024-39828 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://github.com/advisories/GHSA-837w-cqm8-gx58 / rank
 
Normal rank
Property / exact match: https://github.com/advisories/GHSA-837w-cqm8-gx58 / qualifier
 
quotation: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
Property / exact match: https://github.com/advisories/GHSA-837w-cqm8-gx58 / qualifier
 
start date: 29 June 2024
Timestamp+2024-06-29T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match
 
Property / exact match: https://avd.aquasec.com/nvd/2024/cve-2024-39828/ / rank
 
Normal rank
Property / exact match: https://avd.aquasec.com/nvd/2024/cve-2024-39828/ / reference
 
Property / exact match
 
Property / exact match: https://vuldb.com/?id.269996 / rank
 
Normal rank
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
identifier: 269996
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: CVSS Meta Temp Score: 5.7 (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: VulDB Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: CNA Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: VulDB Meta Base Score: 5.8 (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: VulDB Meta Temp Score: 5.7 (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: VulDB Base Score: 5.2 (CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P) (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: VulDB Temp Score: 4.9 (CVSS2#E:ND/RL:ND/RC:UR) (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: Cache ID: 172:360:117 (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
quotation: Changes: 06/29/2024 04:50 AM (50), 06/30/2024 04:49 AM (2), 07/01/2024 11:41 PM (1), 07/12/2024 12:28 AM (11) (English)
Property / exact match: https://vuldb.com/?id.269996 / qualifier
 
start date: 29 June 2024
Timestamp+2024-06-29T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match
 
Property / exact match: https://vuldb.com/?json.269996 / rank
 
Normal rank
Property / exact match: https://vuldb.com/?json.269996 / qualifier
 
Property / exact match: https://vuldb.com/?json.269996 / qualifier
 
identifier: 269996
Property / exact match
 
Property / exact match: https://vulners.com/cve/CVE-2024-39828 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://cxsecurity.com/cveshow/CVE-2024-39828/ / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://debricked.com/vulnerability-database/vulnerability/CVE-2024-39828 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://cyber.vumetric.com/vulns/CVE-2024-39828/ / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://www.cvedetails.com/cve/CVE-2024-39828/ / rank
 
Normal rank
Property / exact match: https://www.cvedetails.com/cve/CVE-2024-39828/ / reference
 
Property / exact match
 
Property / exact match: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2024-39828 / rank
 
Normal rank
Property / exact match
 
Property / exact match: https://www.opencve.io/cve/CVE-2024-39828 / rank
 
Normal rank
Property / exact match: https://www.opencve.io/cve/CVE-2024-39828 / reference
 
Property / exact match
 
Property / exact match: https://exchange.xforce.ibmcloud.com/vulnerabilities/296041 / rank
 
Normal rank
Property / exact match: https://exchange.xforce.ibmcloud.com/vulnerabilities/296041 / qualifier
 
identifier: 296041
Property / exact match
 
Property / exact match: https://avd.aliyun.com/detail?id=AVD-2024-39828 / rank
 
Normal rank
Property / exact match: https://avd.aliyun.com/detail?id=AVD-2024-39828 / qualifier
 
identifier: AVD-2024-39828
Property / exact match: https://avd.aliyun.com/detail?id=AVD-2024-39828 / qualifier
 
start date: 29 June 2024
Timestamp+2024-06-29T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / exact match
 
Property / exact match: https://ioc.one/auth/attribute/dea2c192-674c-4b40-a159-db5df8524bfc / rank
 
Normal rank
Property / exact match: https://ioc.one/auth/attribute/dea2c192-674c-4b40-a159-db5df8524bfc / qualifier
 
identifier: dea2c192-674c-4b40-a159-db5df8524bfc
Property / exact match
 
Property / exact match: https://www.secualive.jp/en/feed/nvd/vulnerability/detailinfo/CVE-2024-39828/ / rank
 
Normal rank
Property / exact match: https://www.secualive.jp/en/feed/nvd/vulnerability/detailinfo/CVE-2024-39828/ / reference
 
Property / exact match: https://www.secualive.jp/en/feed/nvd/vulnerability/detailinfo/CVE-2024-39828/ / reference
 
Property / exact match
 
Property / exact match: https://www.vulncode-db.com/CVE-2024-39828 / rank
 
Normal rank
Property / tweet ID
 
Property / tweet ID: 1806813138836238382 / rank
 
Normal rank
Property / tweet ID: 1806813138836238382 / qualifier
 
Property / tweet ID
 
Property / tweet ID: 1806849098546348398 / rank
 
Normal rank
Property / tweet ID: 1806849098546348398 / qualifier
 
creator string: VulmonFeeds
Property / GHSA ID
 
Property / GHSA ID: GHSA-837w-cqm8-gx58 / rank
 
Normal rank
Property / GHSA ID: GHSA-837w-cqm8-gx58 / qualifier
 
start date: 29 June 2024
Timestamp+2024-06-29T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0
Property / mentioned at URL
 
Property / mentioned at URL: https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+automatic+update%22&o=newest&f=1 / rank
 
Normal rank
Property / mentioned at URL: https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+automatic+update%22&o=newest&f=1 / qualifier
 
quotation: + TODO: check +CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)
Property / mentioned at URL
 
Property / mentioned at URL: https://www.cisa.gov/news-events/bulletins/sb24-183 / rank
 
Normal rank
Property / mentioned at URL
 
Property / mentioned at URL: https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+Process+some+NFUs%22&o=newest&f=1 / rank
 
Normal rank
Property / mentioned at URL: https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+Process+some+NFUs%22&o=newest&f=1 / qualifier
 
quotation: + NOT-FOR-US: R74n Sandboxels CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)
Property / mentioned at URL
 
Property / mentioned at URL: https://t.me/cveNotify/84855 / rank
 
Normal rank
Property / mentioned at URL: https://t.me/cveNotify/84855 / reference
 
Property / mentioned at URL
 
Property / mentioned at URL: https://raw.githubusercontent.com/trickest/cve/main/2024/CVE-2024-39828.md / rank
 
Normal rank
Property / mentioned at URL: https://raw.githubusercontent.com/trickest/cve/main/2024/CVE-2024-39828.md / qualifier
 
Property / Multiplane planecode
 
Property / Multiplane planecode: R13300 / rank
 
Normal rank
Property / Multiplane planecode: R13300 / qualifier
 
start date: 19 July 2024
Timestamp+2024-07-19T00:00:00Z
Timezone+00:00
CalendarGregorian
Precision1 day
Before0
After0

Latest revision as of 04:20, 19 July 2024

Sandboxels XSS vulnerability
  • CVE-2024-39828
  • GHSA-837w-cqm8-gx58
Language Label Description Also known as
English
Cross-site scripting vulnerability for Sandboxels 1.9 - 1.9.5
Sandboxels XSS vulnerability
  • CVE-2024-39828
  • GHSA-837w-cqm8-gx58

Statements

0 references
0 references
0 references
0 references
0 references
0 references
0 references
0 references
0 references
0 references
0 references
0 references
13 October 2023
0 references
29 June 2024
0 references
25 June 2024
0 references
0 references
28 June 2024
ADP: CISA-ADP (English)
Base Score: 6.1 MEDIUM (English)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)
29 June 2024
0 references
269996
CVSS Meta Temp Score: 5.7 (English)
VulDB Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R (English)
CNA Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X (English)
VulDB Meta Base Score: 5.8 (English)
VulDB Meta Temp Score: 5.7 (English)
VulDB Base Score: 5.2 (CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P) (English)
VulDB Temp Score: 4.9 (CVSS2#E:ND/RL:ND/RC:UR) (English)
Cache ID: 172:360:117 (English)
Changes: 06/29/2024 04:50 AM (50), 06/30/2024 04:49 AM (2), 07/01/2024 11:41 PM (1), 07/12/2024 12:28 AM (11) (English)
29 June 2024
0 references
0 references
0 references
19 July 2024
0 references
CVE-2024-39828
28 June 2024
0 references
0 references
0 references
0 references