CVE-2024-11986 - Vulnerability Details - OpenCVE

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Crushftp	Crushftp

No data.

No data.

References

Link	Providers
https://crushftp.com/crush11wiki/Wiki.jsp?page=Update

History

Fri, 13 Dec 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description		Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.
Title		Stored XSS in CrushFTP
Weaknesses		CWE-79
References		https://crushftp.com/crush11wiki/Wiki.jsp?page=Update
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ENISA

Published: 2024-12-13T13:46:54.204Z

Updated: 2024-12-13T20:41:28.545Z

Reserved: 2024-11-29T07:20:34.286Z

Link: CVE-2024-11986

Vulnrichment

No data.

NVD

Status : Received

Published: 2024-12-13T14:15:21.207

Modified: 2024-12-13T14:15:21.207

Link: CVE-2024-11986

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11986", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2024-11-29T07:20:34.286Z", "datePublished": "2024-12-13T13:46:54.204Z", "dateUpdated": "2024-12-13T20:41:28.545Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "CrushFTP", "vendor": "CrushFTP, LLC", "versions": [{"lessThan": "10.8.2", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThan": "11.2.1", "status": "affected", "version": "11.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "European Commission, Application Security Testing Services"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgba(63, 67, 80, 0.04);\">Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.</span>\n\n<br>"}], "value": "Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2024-12-13T13:46:54.204Z"}, "references": [{"url": "https://crushftp.com/crush11wiki/Wiki.jsp?page=Update"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS in CrushFTP", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-13T20:41:08.250727Z", "id": "CVE-2024-11986", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-13T20:41:28.545Z"}}]}}