PT-2024-24006 · Bunny.Net · Bunny.Net
Joshua Chan
·
Published
2024-04-11
·
Updated
2024-04-11
·
CVE-2024-31361
CVSS v3.1
5.9
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bunny.Net
Joshua Chan
·
Published
2024-04-11
·
Updated
2024-04-11
·
CVE-2024-31361
5.9
Medium
| Base vector | Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
bunny.Net versions n/a through 2.0.1
Description:
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page.
Recommendations:
For versions n/a through 2.0.1, update to a version that fixes the Stored XSS issue to prevent exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS