CVE-2024-34749

Description

Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Aidin / Phormerprior to version 3.35 – prior to version 3.35

References

MISChttp://p.horm.org/er/
MISChttps://github.com/eyedean/phormer
MISChttps://sourceforge.net/projects/rephormer/
MISChttps://jvn.jp/en/jp/JVN61054671/