PT-2024-35914 · Unknown · Jsy-1 Short-Url

Published

2024-05-26

Updated

2024-06-04

CVE-2024-5380

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions jsy-1 short-url version 1.0.0

Description A problematic vulnerability has been found in the jsy-1 short-url software. The issue affects an unknown function of the file admin.php. The manipulation of the url argument leads to cross-site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 addresses this issue.

Recommendations For jsy-1 short-url version 1.0.0, upgrade to version 2.0.0 to address the issue. As a temporary workaround, consider restricting access to the admin.php file or disabling the manipulation of the url argument until the upgrade is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-5380

Affected Products

Jsy-1 Short-Url

PT-2024-35914 · Unknown · Jsy-1 Short-Url

CVE-2024-5380

Weakness Enumeration

Related Identifiers

Affected Products

References · 7