Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-2391. PoCs published by @casp3r0x0 hassan ali al-khafaji.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in EVE-NG 5.0.1-13. The attacker creates a lab with a text label containing a malicious script, which executes when other users open the lab.
Description
A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploits (1)
This exploit demonstrates a stored XSS vulnerability in EVE-NG 5.0.1-13. The attacker creates a lab with a text label containing a malicious script, which executes when other users open the lab.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N