CVE-2024-3776 Vulnerability Details

CVE-2024-3776 Metadata Quick Info

CVE Published: 15/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: twcert | Vendor: Netvision | Product: airPASS
Status: PUBLISHED

CVE-2024-3776 Description

The parameter used in the login page of Netvision airPASS does not properly filter user input. An unauthenticated remote attacker can inject JavaScript code into the parameter to carry out reflected cross-site scripting (XSS) attacks.

Metrics

CVSS Version: 3.1 | Base Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: Netvision

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-591
CAPEC Description: CAPEC-591 Reflected XSS