CVE-2024-3138
PHP vulnerability analysis and mitigation

Overview

A vulnerability was found in francoisjacquet RosarioSIS 11.5.1, affecting the Add Portal Note component. The issue has been rated as problematic and involves cross-site scripting (XSS) that can be initiated remotely. The vulnerability is currently disputed: the vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible (NVD).

Technical details

The vulnerability is related to cross-site scripting (XSS) and has been assigned CWE-79 (Improper Neutralization of Input During Web Page Generation). According to VulDB, it has received a CVSS v3.1 base score of 3.5 (LOW) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N, and a CVSS v2.0 score of 4.0 (MEDIUM) with vector (AV:N/AC:L/Au:S/C:N/I:P/A:N) (NVD).

Impact

The vulnerability could allow an attacker to perform cross-site scripting attacks, though the actual impact is disputed because of the sandboxing the vendor describes (NVD).

This report was generated using AI.