PT-2024-31272 · Drug · Drug
Published 2024-09-06 · Updated 2024-09-12
CVE-2024-44837
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Drug version 1.0
Description
A cross-site scripting (XSS) vulnerability in the component Manager.java of Drug allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter. This issue can be exploited by injecting malicious data into the user parameter, leading to the execution of unauthorized scripts or HTML code.
Recommendations
For Drug version 1.0, consider disabling the Manager.java component or restricting access to the user parameter until a patch is available. As a temporary workaround, avoid using the user parameter in the affected component to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Drug