CVE-2024-41572

{"id": "CVE-2024-41572", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-08-21T19:15:13.380", "references": [{"url": "https://medium.com/%40ChadSecurity/cve-2024-41572-68397fae354b", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites."}, {"lang": "es", "value": "Learning with Texts (LWT) 2.0.3 es vulnerable a Cross Site Scripting (XSS). La aplicaci\u00f3n tiene una funci\u00f3n espec\u00edfica que no filtra caracteres especiales en los par\u00e1metros de la URL. Los atacantes remotos pueden inyectar c\u00f3digo JavaScript sin autorizaci\u00f3n."}], "lastModified": "2025-03-18T19:15:43.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lang-learn-guy:learning_with_texts:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C21149A-45A1-49B6-AB7D-6E30407C3D22"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}