CVE-2024-40324
MEDIUME-Staff <5.1 - HTTP Response Splitting
Title source: llmDescription
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
Exploits (1)
Scores
CVSS v3
5.4
EPSS
0.1201
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Classification
CWE
CWE-113
CWE-93
CWE-74
Status
published
Affected Products (1)
datex-soft/e-staff
Timeline
Published
Jul 25, 2024
Tracked Since
Feb 18, 2026