PT-2024-39249 · Unknown · Opentibiabr Myaac
Rafael Cintra Lopes · Published 2024-09-13 · Updated 2024-09-19 · CVE-2024-8783
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
OpenTibiaBR MyAAC versions up to 0.8.16
Description:
A problematic vulnerability has been found in OpenTibiaBR MyAAC, affecting an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the post_topic argument leads to cross-site scripting. It is possible to launch the attack remotely.
Recommendations:
For versions up to 0.8.16, apply the patch identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c to fix this issue. As a temporary workaround, consider restricting the use of the post_topic argument in the new_post.php file until a patch is applied.
Exploit · Fix · XSS
Affected Products
Opentibiabr Myaac