CVE-2024-8783

LOW

OpenTibiaBR MyAAC <= 0.8.16 - Cross-Site Scripting via Post Reply Handler

Title source: llm
STIX 2.1

Description

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.

References (6)

Core 6
Core References
Permissions Required vdb-entry technical-description
https://vuldb.com/?id.277434
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.277434
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.406368
Exploit exploit issue-tracking
https://github.com/opentibiabr/myaac/issues/121
Issue Tracking, Patch issue-tracking
https://github.com/opentibiabr/myaac/pull/122

Scores

CVSS v3 3.5
EPSS 0.0039
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
opentibiabr/myaac < 0.8.16
Published Sep 13, 2024
Tracked Since Feb 18, 2026