{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5829", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-11T06:03:56.918Z", "datePublished": "2024-06-11T10:31:13.374Z", "dateUpdated": "2024-08-01T21:25:03.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-11T10:31:13.374Z"}, "title": "smallweigit Avue avueUeditor cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "smallweigit", "product": "Avue", "versions": [{"version": "3.4.0", "status": "affected"}, {"version": "3.4.1", "status": "affected"}, {"version": "3.4.2", "status": "affected"}, {"version": "3.4.3", "status": "affected"}, {"version": "3.4.4", "status": "affected"}], "modules": ["avueUeditor"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that \"rich text is no longer maintained\"."}, {"lang": "de", "value": "In smallweigit Avue bis 3.4.4 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente avueUeditor. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-06-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-11T08:09:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB Gitee Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.267895", "name": "VDB-267895 | smallweigit Avue avueUeditor cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.267895", "name": "VDB-267895 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T13:22:37.617815Z", "id": "CVE-2024-5829", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T13:22:47.815Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.150Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.267895", "name": "VDB-267895 | smallweigit Avue avueUeditor cross site scripting", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.267895", "name": "VDB-267895 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q", "tags": ["exploit", "issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.267895", "name": "VDB-267895 | smallweigit Avue avueUeditor cross site scripting", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.267895", "name": "VDB-267895 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q", "tags": ["exploit", "issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.150Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T13:22:37.617815Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T13:22:44.200Z"}}], "cna": {"title": "smallweigit Avue avueUeditor cross site scripting", "credits": [{"lang": "en", "type": "tool", "value": "VulDB Gitee Analyzer"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "smallweigit", "modules": ["avueUeditor"], "product": "Avue", "versions": [{"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.4.1"}, {"status": "affected", "version": "3.4.2"}, {"status": "affected", "version": "3.4.3"}, {"status": "affected", "version": "3.4.4"}]}], "timeline": [{"lang": "en", "time": "2024-06-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-06-11T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-06-11T08:09:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.267895", "name": "VDB-267895 | smallweigit Avue avueUeditor cross site scripting", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.267895", "name": "VDB-267895 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that \"rich text is no longer maintained\"."}, {"lang": "de", "value": "In smallweigit Avue bis 3.4.4 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente avueUeditor. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-11T10:31:13.374Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5829", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.150Z", "dateReserved": "2024-06-11T06:03:56.918Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-06-11T10:31:13.374Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by this vulnerability is an unknown functionality of the component avueUeditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267895. NOTE: The code maintainer explains, that \"rich text is no longer maintained\"."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en smallweigit Avue hasta 3.4.4 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente avueUeditor es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-267895. NOTA: El responsable del c\u00f3digo explica que \"el texto enriquecido ya no se mantiene\"."}], "id": "CVE-2024-5829", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-11T11:15:49.847", "references": [{"source": "cna@vuldb.com", "url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.267895"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.267895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitee.com/smallweigit/avue/issues/I9UQ4Q"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?ctiid.267895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?id.267895"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}