Vulnerabilities related to dcatadmin - dcat_admin
Vulnerability from fkie_nvd
Published
2024-12-27 22:15
Modified
2025-04-21 17:00
Summary
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/taynes-llllzt/taynes/issues/4 | Exploit, Third Party Advisory, Issue Tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dcatadmin | dcat_admin | 2.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "FDDF8F51-8D1A-4BB6-AFAD-C2320CDD4DFF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create." }, { "lang": "es", "value": "Dcat Admin v2.2.0-beta contiene una vulnerabilidad de cross-site scripting (XSS) en /admin/articles/create." } ], "id": "CVE-2024-54774", "lastModified": "2025-04-21T17:00:56.877", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-12-27T22:15:12.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "Issue Tracking" ], "url": "https://github.com/taynes-llllzt/taynes/issues/4" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-27 22:15
Modified
2025-04-22 15:46
Summary
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/taynes-llllzt/taynes/issues/5 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dcatadmin | dcat_admin | 2.2.0 | |
dcatadmin | dcat_admin | 2.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "FDDF8F51-8D1A-4BB6-AFAD-C2320CDD4DFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.2:beta:*:*:*:*:*:*", "matchCriteriaId": "CAE044DD-27C5-49C2-BDF6-81BFB0E648D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions." }, { "lang": "es", "value": "Dcat-Admin v2.2.0-beta y v2.2.2-beta contienen una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s de /admin/auth/menu y /admin/auth/extensions." } ], "id": "CVE-2024-54775", "lastModified": "2025-04-22T15:46:43.310", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-12-27T22:15:12.117", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/taynes-llllzt/taynes/issues/5" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-26 12:15
Modified
2025-04-30 16:48
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | http://dcat-admin.com | Product |
cve@mitre.org | https://github.com/jqhph/dcat-admin | Product |
cve@mitre.org | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | http://dcat-admin.com | Product |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin | Product |
af854a3a-2127-422b-91ae-364da2661108 | https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dcatadmin | dcat_admin | * | |
dcatadmin | dcat_admin | 2.0.0 | |
dcatadmin | dcat_admin | 2.0.1 | |
dcatadmin | dcat_admin | 2.0.2 | |
dcatadmin | dcat_admin | 2.0.3 | |
dcatadmin | dcat_admin | 2.0.4 | |
dcatadmin | dcat_admin | 2.0.5 | |
dcatadmin | dcat_admin | 2.0.6 | |
dcatadmin | dcat_admin | 2.0.7 | |
dcatadmin | dcat_admin | 2.0.8 | |
dcatadmin | dcat_admin | 2.0.9 | |
dcatadmin | dcat_admin | 2.0.10 | |
dcatadmin | dcat_admin | 2.0.11 | |
dcatadmin | dcat_admin | 2.0.12 | |
dcatadmin | dcat_admin | 2.0.13 | |
dcatadmin | dcat_admin | 2.0.14 | |
dcatadmin | dcat_admin | 2.0.15 | |
dcatadmin | dcat_admin | 2.0.16 | |
dcatadmin | dcat_admin | 2.0.17 | |
dcatadmin | dcat_admin | 2.0.18 | |
dcatadmin | dcat_admin | 2.0.19 | |
dcatadmin | dcat_admin | 2.0.20 | |
dcatadmin | dcat_admin | 2.0.21 | |
dcatadmin | dcat_admin | 2.0.22 | |
dcatadmin | dcat_admin | 2.0.23 | |
dcatadmin | dcat_admin | 2.0.24 | |
dcatadmin | dcat_admin | 2.1.0 | |
dcatadmin | dcat_admin | 2.1.1 | |
dcatadmin | dcat_admin | 2.1.2 | |
dcatadmin | dcat_admin | 2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F4217AF-E0B6-4A5C-8BAF-F86C9B11F558", "versionEndIncluding": "1.7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "25F5B3A0-A4BC-4E5E-839D-8617411531E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.1:beta:*:*:*:*:*:*", "matchCriteriaId": "770BB49B-4092-4731-AA54-FBE69BD328CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.2:beta:*:*:*:*:*:*", "matchCriteriaId": "9C20ADEC-2D34-4504-A2A5-04291CF58FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.3:beta:*:*:*:*:*:*", "matchCriteriaId": "4D1580C7-2CE9-4C50-887F-24B4F2E60DE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.4:beta:*:*:*:*:*:*", "matchCriteriaId": "6C85600D-5624-4E2C-B549-C54590F7602F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.5:beta:*:*:*:*:*:*", "matchCriteriaId": "618420AD-26D9-4EFF-B1A0-908E34CF60C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.6:beta:*:*:*:*:*:*", "matchCriteriaId": "D31F81F7-9712-4A85-A12A-98F545CDB3BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.7:beta:*:*:*:*:*:*", "matchCriteriaId": "95C94A3D-EBFA-4B3C-ACCA-03E4FB13BC0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.8:beta:*:*:*:*:*:*", "matchCriteriaId": "93467373-3E14-4D30-A672-2C51ABA91CDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.9:beta:*:*:*:*:*:*", "matchCriteriaId": "7912F297-97FC-4897-B3BE-8B70C683A709", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.10:beta:*:*:*:*:*:*", "matchCriteriaId": "52F2CD0C-2AFD-4611-A93B-C56D9805FE3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.11:beta:*:*:*:*:*:*", "matchCriteriaId": 
"B7197805-2B42-46DD-A123-6CEA6F34E4BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.12:beta:*:*:*:*:*:*", "matchCriteriaId": "BE87FED3-7A9C-404A-A80A-856BE66AF4AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.13:beta:*:*:*:*:*:*", "matchCriteriaId": "CAACBFB1-0647-489B-881E-521FD698D459", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.14:beta:*:*:*:*:*:*", "matchCriteriaId": "3D3AF413-853D-4EB4-BE5A-F9A2564FD98B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.15:beta:*:*:*:*:*:*", "matchCriteriaId": "7F2DCA57-4823-4D4D-94C3-F90F377C32FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.16:beta:*:*:*:*:*:*", "matchCriteriaId": "BB04F8BA-9B0A-4254-9DA4-E005FE60DCF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.17:beta:*:*:*:*:*:*", "matchCriteriaId": "CEDC8077-A2F3-4818-BB63-0B5D147A6324", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.18:beta:*:*:*:*:*:*", "matchCriteriaId": "C745F249-CABC-4305-A783-F24869016783", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.19:beta:*:*:*:*:*:*", "matchCriteriaId": "C0CD5762-DAB9-4105-A6C0-1A55047E62D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.20:beta:*:*:*:*:*:*", "matchCriteriaId": "397F7A7C-BA39-47D1-A119-F05E6A9749E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.21:beta:*:*:*:*:*:*", "matchCriteriaId": "41A8D328-2107-4A62-9760-7CB2154460E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.22:beta:*:*:*:*:*:*", "matchCriteriaId": "4FC95D17-7ED8-4C96-8174-0C3FB8D262D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.23:beta:*:*:*:*:*:*", "matchCriteriaId": "43317B4C-5D37-4137-8506-550C0E1EB9D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.0.24:beta:*:*:*:*:*:*", "matchCriteriaId": 
"232E98CA-CD74-4031-B9CC-BD0B6F3696FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "21B35977-D1A2-486D-BE07-8D94D4BD8FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "E2F183CA-2110-4263-A4E5-A8630B614B00", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.2:beta:*:*:*:*:*:*", "matchCriteriaId": "309A1CED-2697-42D4-AF85-999B90FDBFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*", "matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box." }, { "lang": "es", "value": "Vulnerabilidad de cross-site scripting en dcat-admin v.2.1.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el cuadro de inicio de sesi\u00f3n del usuario." 
} ], "id": "CVE-2024-29644", "lastModified": "2025-04-30T16:48:15.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-03-26T12:15:50.353", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://dcat-admin.com" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://github.com/jqhph/dcat-admin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://dcat-admin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://github.com/jqhph/dcat-admin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-31 13:15
Modified
2025-01-10 15:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/jqhph/dcat-admin/issues/2027 | Exploit, Issue Tracking, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jqhph/dcat-admin/issues/2027 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dcatadmin | dcat_admin | 2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.1.3:beta:*:*:*:*:*:*", "matchCriteriaId": "EA07899B-5D17-4D06-8BFC-A8B19F70B994", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter." } ], "id": "CVE-2023-33736", "lastModified": "2025-01-10T15:15:13.960", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-31T13:15:10.270", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/jqhph/dcat-admin/issues/2027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/jqhph/dcat-admin/issues/2027" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-24 21:15
Modified
2025-05-07 20:03
Severity
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Source | URL | Tags |
---|---|---|
cna@vuldb.com | https://github.com/taynes-llllzt/taynes/issues/7 | Exploit, Third Party Advisory |
cna@vuldb.com | https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 | Exploit, Third Party Advisory |
cna@vuldb.com | https://vuldb.com/?ctiid.293237 | Permissions Required, VDB Entry |
cna@vuldb.com | https://vuldb.com/?id.293237 | Third Party Advisory, VDB Entry |
cna@vuldb.com | https://vuldb.com/?submit.483364 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dcatadmin | dcat_admin | 2.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dcatadmin:dcat_admin:2.2.1:beta:*:*:*:*:*:*", "matchCriteriaId": "8D381610-A32D-4608-AB32-B81999C58566", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad en Dcat-Admin 2.2.1-beta. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /admin/auth/roles del componente Roles Page. La manipulaci\u00f3n conduce a Cross Site Scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." 
} ], "id": "CVE-2025-0709", "lastModified": "2025-05-07T20:03:05.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": 
"NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "cna@vuldb.com", "type": "Secondary" } ] }, "published": "2025-01-24T21:15:11.237", "references": [ { "source": "cna@vuldb.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/taynes-llllzt/taynes/issues/7" }, { "source": "cna@vuldb.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required", "VDB Entry" ], "url": "https://vuldb.com/?ctiid.293237" }, { "source": "cna@vuldb.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?id.293237" }, { "source": "cna@vuldb.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?submit.483364" } ], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" }, { "lang": "en", "value": "CWE-94" } ], "source": "cna@vuldb.com", "type": "Primary" } ] }
CVE-2025-0709 (GCVE-0-2025-0709)
Vulnerability from cvelistv5
Published
2025-01-24 20:31
Modified
2025-01-24 20:42
Severity
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Summary
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
URL | Tags |
---|---|
https://vuldb.com/?id.293237 | vdb-entry |
https://vuldb.com/?ctiid.293237 | signature, permissions-required |
https://vuldb.com/?submit.483364 | third-party-advisory |
https://github.com/taynes-llllzt/taynes/issues/7 | issue-tracking |
https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251 | exploit, issue-tracking |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Dcat-Admin | 2.2.1-beta |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0709", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T20:42:15.603517Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T20:42:28.624Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "Roles Page" ], "product": "Dcat-Admin", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.2.1-beta" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Yimeng (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Dcat-Admin 2.2.1-beta ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/auth/roles der Komponente Roles Page. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
} ], "metrics": [ { "cvssV4_0": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-24T20:31:05.748Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-293237 | Dcat-Admin Roles Page roles cross site scripting", "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.293237" }, { "name": "VDB-293237 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.293237" }, { "name": "Submit #483364 | Dcat Dcat-Admin v2.2.1-beta stored xss", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.483364" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/taynes-llllzt/taynes/issues/7" }, { "tags": [ "exploit", "issue-tracking" ], "url": "https://github.com/taynes-llllzt/taynes/issues/7#issue-2792259251" } ], "timeline": [ { "lang": "en", "time": "2025-01-24T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-01-24T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-01-24T11:04:19.000Z", "value": "VulDB entry last update" } ], "title": "Dcat-Admin Roles Page roles cross site scripting" } }, "cveMetadata": { 
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-0709", "datePublished": "2025-01-24T20:31:05.748Z", "dateReserved": "2025-01-24T09:59:12.063Z", "dateUpdated": "2025-01-24T20:42:28.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-29644 (GCVE-0-2024-29644)
Vulnerability from cvelistv5
Published
2024-03-26 00:00
Modified
2025-03-24 15:50
CWE
- n/a
Summary
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:10:55.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://dcat-admin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jqhph/dcat-admin" }, { "tags": [ "x_transferred" ], "url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-29644", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T16:24:36.777009Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-24T15:50:03.694Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-26T11:58:56.290Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://dcat-admin.com" }, { "url": "https://github.com/jqhph/dcat-admin" }, { "url": "https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-29644", "datePublished": "2024-03-26T00:00:00.000Z", "dateReserved": "2024-03-19T00:00:00.000Z", "dateUpdated": "2025-03-24T15:50:03.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-54774 (GCVE-0-2024-54774)
Vulnerability from cvelistv5
Published
2024-12-27 00:00
Modified
2024-12-28 17:57
CWE
- n/a
Summary
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-54774", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-28T17:56:34.453835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-28T17:57:31.438Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-27T21:18:29.466130", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/taynes-llllzt/taynes/issues/4" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-54774", "datePublished": "2024-12-27T00:00:00", "dateReserved": "2024-12-06T00:00:00", "dateUpdated": "2024-12-28T17:57:31.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-54775 (GCVE-0-2024-54775)
Vulnerability from cvelistv5
Published
2024-12-27 00:00
Modified
2024-12-28 16:51
CWE
- n/a
Summary
Dcat-Admin v2.2.0-beta and v2.2.2-beta contain a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-54775", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-28T16:49:52.142027Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-28T16:51:07.415Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-27T21:20:52.077108", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/taynes-llllzt/taynes/issues/5" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-54775", "datePublished": "2024-12-27T00:00:00", "dateReserved": "2024-12-06T00:00:00", "dateUpdated": "2024-12-28T16:51:07.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-33736 (GCVE-0-2023-33736)
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 14:55
CWE
- n/a
Summary
A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:47:06.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/jqhph/dcat-admin/issues/2027" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-33736", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T14:55:00.318155Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-10T14:55:59.573Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/jqhph/dcat-admin/issues/2027" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-33736", "datePublished": "2023-05-31T00:00:00", "dateReserved": "2023-05-22T00:00:00", "dateUpdated": "2025-01-10T14:55:59.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }