CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-1029

High Severity
Cogites
SVRS
58/100
CVSSv3
6.1/10
EPSS
0.00044/1

CVE-2024-1029 is a cross-site scripting (XSS) vulnerability in Cogites eReserv 7.7.58, allowing attackers to inject malicious scripts into web pages viewed by other users. Specifically, the Nom argument in the /front/admin/tenancyDetail.php file is susceptible to manipulation. An attacker can remotely trigger this vulnerability by injecting a script via the Nom parameter. With an SVRS of 58, while not critical, CVE-2024-1029 represents a moderate risk that should be addressed. Due to the 'In The Wild' tag, there is a higher risk of exploitation. Successful exploitation could lead to session hijacking, defacement, or the redirection of users to malicious websites. Although the CVSS score is 6.1, organizations should still patch this vulnerability to protect against potential attacks.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:C
C:L
I:L
A:N
PUBLICATION DATE2024-01-30
LAST MODIFIED2024-05-17
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-1029 is a cross-site scripting (XSS) vulnerability in Cogites eReserv 7.7.58. This vulnerability allows an attacker to execute arbitrary JavaScript code in a victim's browser, potentially leading to account takeover, data theft, or other malicious activities. The SVRS for this vulnerability is 47, indicating a moderate level of risk.

Key Insights:

  1. The vulnerability is exploitable remotely, meaning an attacker does not need to have direct access to the victim's computer to exploit it.
  2. The vulnerability has been publicly disclosed, increasing the likelihood of exploitation.
  3. The vulnerability is assigned the identifier VDB-252302, which can be used to track additional information and updates about the vulnerability.

Mitigation Strategies:

  1. Update to the latest version of Cogites eReserv (7.7.59 or later) as soon as possible.
  2. Implement input validation and sanitization techniques to prevent malicious input from being processed by the application.
  3. Use a web application firewall (WAF) to block malicious requests and protect against XSS attacks.
  4. Educate users about the risks of XSS attacks and how to protect themselves from them.

Additional Information:

  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
AppCogitesereserv

References

ReferenceLink
[email protected]https://vuldb.com/?ctiid.252302
[email protected]https://vuldb.com/?id.252302
GITHUBhttps://vuldb.com/?id.252302

CWE Details

CWE IDCWE NameDescription
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence