CVE-2024-55451

{"id": "CVE-2024-55451", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2024-12-16T23:15:06.710", "references": [{"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/StoredXSS-SVGUpload.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/dromara/ujcms", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/StoredXSS-SVGUpload.md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funcionalidad de carga y visualizaci\u00f3n de archivos SVG autenticados en UJCMS 9.6.3. La vulnerabilidad surge de una desinfecci\u00f3n insuficiente de los atributos integrados en los archivos SVG cargados. Cuando otros usuarios del backend ven un archivo SVG manipulado con fines malintencionados, los atacantes autenticados pueden ejecutar c\u00f3digo JavaScript arbitrario en el contexto de los navegadores de otros usuarios del backend, lo que puede llevar al robo de tokens confidenciales."}], "lastModified": "2025-04-24T15:26:43.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ujcms:ujcms:9.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B35595EB-DB23-45CE-B865-658935EAE1D3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}