CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN05136799/	Third Party Advisory
https://vektor-inc.co.jp/en/update/regarding-vulnerabilities-in-vk-all-in-one-expansion-unit-version-9-100-0-and-earlier/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-11-13 06:15

Updated : 2024-11-19 15:57

NVD link : CVE-2024-52268

Mitre link : CVE-2024-52268

CVE.ORG link : CVE-2024-52268

JSON object : View

Products Affected

vektor-inc

vk_all_in_one_expansion_unit

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-52268", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2024-11-13T06:15:14.903", "references": [{"url": "https://jvn.jp/en/jp/JVN05136799/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://vektor-inc.co.jp/en/update/regarding-vulnerabilities-in-vk-all-in-one-expansion-unit-version-9-100-0-and-earlier/", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross Site Scripting en las versiones de VK All in One Expansion Unit anteriores a la 9.100.1.0. Si se aprovecha esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que accede al sitio web mediante el producto."}], "lastModified": "2024-11-19T15:57:03.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5C50E627-160C-4091-A630-E38CBC029967", "versionEndExcluding": "9.100.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}