CVE-2024-43381 in rengineИнформация

Сводка

по MITRE • 16.08.2024

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

09.08.2024

Раскрытие

16.08.2024

Модерация

принято

Вход

VDB-274872

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

5.4 (NVD)

EPSS

0.00694

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-43381
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-43381
CVE Details	https://www.cvedetails.com/cve/CVE-2024-43381/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!