CVE-2024-9856 — LOW (2.4) — White Hats Nepal

Vulnerability Description

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

CVSS Score

2.4

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
07Fly	07Flycms	1.3.8
07Fly	Customer Relationship Management	1.3.8

Related Weaknesses (CWE)

CWE-79

References

https://github.com/DeepMountains/zzz/blob/main/CVE6-2.mdExploitThird Party Advisory
https://vuldb.com/?ctiid.280052Permissions RequiredVDB Entry
https://vuldb.com/?id.280052Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.419223Third Party AdvisoryVDB Entry

FAQ

What is CVE-2024-9856?

CVE-2024-9856 is a vulnerability with a CVSS score of 2.4 (LOW). A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The m...

How severe is CVE-2024-9856?

CVE-2024-9856 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-9856?

Check the references section above for vendor advisories and patch information. Affected products include: 07Fly 07Flycms, 07Fly Customer Relationship Management.