CVE-2024-39242

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions skycaiji version 2.8

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). This enables the execution of malicious code on the victim's browser.

Recommendations For skycaiji version 2.8, consider disabling the use of eval(String.fromCharCode()) until a patch is available to prevent the execution of malicious scripts. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-39242

Affected Products

Skycaiji

CVE-2024-39242

Weakness Enumeration

Related Identifiers

Affected Products

References · 3