CVE-2024-29644

moderate-risk

Published 2024-03-26

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.

Do I need to act?

0.70% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Dcat Admin

Affected Vendors

Dcatadmin

References (6)

Product http://dcat-admin.com

Product https://github.com/jqhph/dcat-admin

Exploit https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m

Product http://dcat-admin.com

Product https://github.com/jqhph/dcat-admin

Exploit https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 2/34 · Minimal

Exposure 22/34 · High