Cross-site scripting vulnerability for Sandboxels 1.9 - 1.9.5 (Q3408): Difference between revisions

From R74n Wikibase

Jump to navigation Jump to search

@@ Property / mentioned at URL @@
+https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+Process+some+NFUs%22&o=newest&f=1
+Normal rank
+quotation: +   NOT-FOR-US: R74n Sandboxels    CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)
@@ Property / mentioned at URL @@
+https://t.me/cveNotify/84855
@@ Property / mentioned at URL: https://t.me/cveNotify/84855 / rank @@
+Normal rank
@@ Property / mentioned at URL: https://t.me/cveNotify/84855 / reference @@
+URL: https://en.tgchannels.org/channel/cvenotify/84855
@@ Property / mentioned at URL @@
+https://raw.githubusercontent.com/trickest/cve/main/2024/CVE-2024-39828.md
+Normal rank
+source code repo URL: https://github.com/trickest/cve/tree/main/2024/CVE-2024-39828.md
@@ Property / Multiplane planecode @@
+R13300
@@ Property / Multiplane planecode: R13300 / rank @@
+Normal rank
@@ Property / Multiplane planecode: R13300 / qualifier @@
+start date: 19 July 2024Timestamp +2024-07-19T00:00:00Z
Timezone +00:00
Calendar Gregorian
Precision 1 day
Before 0
After 0
-Timestamp
++2024-07-19T00:00:00Z
-Timezone
++00:00
-Calendar
+Gregorian
-Precision
+day
 Before
 After

Latest revision as of 04:20, 19 July 2024

Sandboxels XSS vulnerability

CVE-2024-39828
GHSA-837w-cqm8-gx58

Language	Label	Description	Also known as
English	Cross-site scripting vulnerability for Sandboxels 1.9 - 1.9.5	Sandboxels XSS vulnerability	CVE-2024-39828 GHSA-837w-cqm8-gx58

Statements

0 references

0 references

Sandboxels 1.9.1

0 references

Sandboxels 1.9.2

0 references

Sandboxels 1.9.3

0 references

Sandboxels 1.9.4

0 references

Sandboxels 1.9.4.1

0 references

Sandboxels 1.9.5

0 references

0 references

Sandboxels save

0 references

0 references

0 references

13 October 2023

0 references

29 June 2024

0 references

date of discovery

25 June 2024

0 references

0 references

R74n Discord server

0 references

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828

28 June 2024

0 references

https://nvd.nist.gov/vuln/detail/CVE-2024-39828

28 June 2024

ADP: CISA-ADP (English)

Base Score: 6.1 MEDIUM (English)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)

1 reference

https://nvd.nist.gov/vuln/search/results?query=xss&startIndex=20

https://www.cve.org/CVERecord?id=CVE-2024-39828

28 June 2024

0 references

https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-39828

2 references

https://vulmon.com/searchpage?page=1&q=Cisco%20Nx-os%204.0%5C%5C(1a%5C%5C)n2%5C%5C(1%5C%5C)&sortby=bydate&scoretype=cvssv2

https://vulmon.com/searchpage?page=1&q=Cisco%20Unified%20Communications%20Manager%20Im%20%5C%5C&%20Presence%20Service%2010.5%5C%5C(2%5C%5C)&sortby=bydate

https://cvefeed.io/vuln/detail/CVE-2024-39828

0 references

https://cveawg.mitre.org/api/cve/CVE-2024-39828

0 references

https://cvefeed.io/vuln/detail/CVE-2024-39828

0 references

https://github.com/advisories/GHSA-837w-cqm8-gx58

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (English)

29 June 2024

0 references

https://avd.aquasec.com/nvd/2024/cve-2024-39828/

1 reference

https://avd.aquasec.com/nvd/2024/

https://vuldb.com/?id.269996

269996

CVSS Meta Temp Score: 5.7 (English)

VulDB Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R (English)

CNA Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X (English)

VulDB Meta Base Score: 5.8 (English)

VulDB Meta Temp Score: 5.7 (English)

VulDB Base Score: 5.2 (CVSS2#AV:A/AC:L/Au:S/C:P/I:P/A:P) (English)

VulDB Temp Score: 4.9 (CVSS2#E:ND/RL:ND/RC:UR) (English)

Cache ID: 172:360:117 (English)

Changes: 06/29/2024 04:50 AM (50), 06/30/2024 04:49 AM (2), 07/01/2024 11:41 PM (1), 07/12/2024 12:28 AM (11) (English)

29 June 2024

0 references

https://vuldb.com/?json.269996

269996

0 references

https://vulners.com/cve/CVE-2024-39828

0 references

https://cxsecurity.com/cveshow/CVE-2024-39828/

0 references

https://debricked.com/vulnerability-database/vulnerability/CVE-2024-39828

0 references

https://cyber.vumetric.com/vulns/CVE-2024-39828/

0 references

https://www.cvedetails.com/cve/CVE-2024-39828/

1 reference

https://www.cvedetails.com/vulnerability-list/year-2024/month-6/June.html

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2024-39828

0 references

https://www.opencve.io/cve/CVE-2024-39828

1 reference

https://www.opencve.io/cve?cwe=CWE-79&cvss=&search=sandboxels

https://exchange.xforce.ibmcloud.com/vulnerabilities/296041

296041

0 references

https://avd.aliyun.com/detail?id=AVD-2024-39828

AVD-2024-39828

29 June 2024

0 references

https://ioc.one/auth/attribute/dea2c192-674c-4b40-a159-db5df8524bfc

dea2c192-674c-4b40-a159-db5df8524bfc

0 references

https://www.secualive.jp/en/feed/nvd/vulnerability/detailinfo/CVE-2024-39828/

2 references

https://www.secualive.jp/en/feed/vulnerability/?search_display_number=10&page_jvn=18&page_nvd=236

https://secualive.jp/en/feed/vulnerability/?search_display_number=10&page_jvn=17637&page_nvd=22

https://www.vulncode-db.com/CVE-2024-39828

0 references

https://github.com/ggod2/sandboxels_xss_test/tree/main/README.md

0 references

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828

28 June 2024

0 references

https://www.cve.org/CVERecord?id=CVE-2024-39828

28 June 2024

MITRE Corporation

0 references

source code repo URL

https://github.com/ggod2/sandboxels_xss_test

0 references

mentioned at URL

https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+automatic+update%22&o=newest&f=1

+ TODO: check +CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)

0 references

https://www.cisa.gov/news-events/bulletins/sb24-183

0 references

https://www.mail-archive.com/search?l=debian-security-tracker-commits@alioth-lists.debian.net&q=subject:%22%5C%5BGit%5C%5D%5C%5Bsecurity%5C-tracker%5C-team%5C%2Fsecurity%5C-tracker%5C%5D%5C%5Bmaster%5C%5D+Process+some+NFUs%22&o=newest&f=1

+ NOT-FOR-US: R74n Sandboxels CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...) (English)

0 references

https://t.me/cveNotify/84855

1 reference

https://en.tgchannels.org/channel/cvenotify/84855

https://raw.githubusercontent.com/trickest/cve/main/2024/CVE-2024-39828.md

source code repo URL

https://github.com/trickest/cve/tree/main/2024/CVE-2024-39828.md

0 references

Multiplane planecode

19 July 2024

0 references

CVE-2024-39828

28 June 2024

0 references

GHSA-837w-cqm8-gx58

29 June 2024

0 references

1806813138836238382

CVEnew

0 references

1806849098546348398

VulmonFeeds

0 references

Retrieved from "https://data.r74n.com/w/index.php?title=Item:Q3408&oldid=19276"