無料スキャン
LOWCVE-2024-0181CVSS 2.4

RRJ Nueva Ecija Engineer Online Portal Admin Panel admin_user.php cross site scripting

翻訳中…

プラットフォーム

php

コンポーネント

rrj-nueva-ecija-engineer-online-portal

修正版

1.0.1

AI Confidence: highNVDEPSS 0.1%レビュー済み: 2026年5月
NVDで見る
保存
あなたの言語に翻訳中…

CVE-2024-0181 is a cross-site scripting (XSS) vulnerability affecting the RRJ Nueva Ecija Engineer Online Portal. This vulnerability allows attackers to inject malicious scripts into the portal, potentially leading to session hijacking or defacement. The vulnerability impacts versions 1.0 through 1.0 and has been addressed in version 1.0.1.

影響と攻撃シナリオ翻訳中…

Successful exploitation of CVE-2024-0181 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the RRJ Nueva Ecija Engineer Online Portal. This can be leveraged to steal session cookies, redirect users to malicious websites, or modify the content displayed on the portal. The impact is particularly concerning for administrative users, as compromised accounts could grant attackers access to sensitive data and control over the portal's functionality. The vulnerability's remote accessibility and public disclosure increase the likelihood of exploitation.

悪用の状況翻訳中…

CVE-2024-0181 has been publicly disclosed and a proof-of-concept may be available. The vulnerability's LOW CVSS score reflects the relatively limited impact and ease of mitigation. As of the time of writing, no confirmed active exploitation campaigns have been reported, but the public disclosure warrants immediate attention and remediation.

リスク対象者翻訳中…

Administrators of the RRJ Nueva Ecija Engineer Online Portal are at the highest risk, as a compromised admin account could grant attackers full control over the portal. Users who rely on the portal for critical data or services are also at risk, as their sessions could be hijacked or their data exposed.

検出手順翻訳中…

• generic web: Use curl to test the /admin/admin_user.php endpoint with various payloads containing <script> tags. Examine the response for signs of script execution.

curl -X POST -d 'Firstname=<script>alert(1)</script>' http://your-portal/admin/admin_user.php

• generic web: Review access and error logs for suspicious requests targeting /admin/admin_user.php containing XSS payloads. • php: Examine the source code of /admin/admin_user.php for inadequate input validation or output encoding of the Firstname, Lastname, and Username parameters.

攻撃タイムライン

  1. Disclosure

    disclosure

  2. Patch

    patch

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
インターネット露出

EPSS

0.13% (32% パーセンタイル)

CVSS ベクトル

脅威インテリジェンス· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N2.4LOWAttack VectorNetwork攻撃者がターゲットに到達する方法Attack ComplexityLow悪用に必要な条件Privileges RequiredHigh攻撃に必要な認証レベルUser InteractionRequired被害者の操作が必要かどうかScopeUnchanged影響コンポーネント外への波及ConfidentialityNone機密データ漏洩のリスクIntegrityLow不正データ改ざんのリスクAvailabilityNoneサービス障害のリスクnextguardhq.com · CVSS v3.1 基本スコア
これらのメトリクスの意味は?
Attack Vector
ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
Attack Complexity
低 — 特別な条件不要。安定して悪用可能。
Privileges Required
高 — 管理者または特権アカウントが必要。
User Interaction
必要 — 被害者がファイルを開く、リンクをクリックするなどのアクションが必要。
Scope
変化なし — 影響は脆弱なコンポーネントのみ。
Confidentiality
なし — 機密性への影響なし。
Integrity
低 — 限定的な範囲でデータ変更可能。
Availability
なし — 可用性への影響なし。

影響を受けるソフトウェア

コンポーネントrrj-nueva-ecija-engineer-online-portal
ベンダーRRJ
影響範囲修正版
1.0 – 1.01.0.1

弱点分類 (CWE)

CWE-79

タイムライン

  1. 予約済み
  2. 公開日
  3. 更新日
  4. EPSS 更新日

緩和策と回避策翻訳中…

The primary mitigation for CVE-2024-0181 is to upgrade the RRJ Nueva Ecija Engineer Online Portal to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /admin/admin_user.php page to sanitize user-supplied data. While a direct WAF rule is difficult without specific payload examples, general XSS prevention rules can offer some protection. Regularly review and update the portal's codebase to address potential security vulnerabilities.

修正方法翻訳中…

Actualizar el RRJ Nueva Ecija Engineer Online Portal a una versión parcheada o implementar medidas de saneamiento de entrada en el archivo /admin/admin_user.php para evitar la ejecución de código XSS. Validar y escapar los datos de entrada de los campos Firstname, Lastname y Username antes de mostrarlos en la página.

CVEセキュリティニュースレター

脆弱性分析と重要アラートをメールでお届けします。

よくある質問翻訳中…

What is CVE-2024-0181 — XSS in RRJ Nueva Ecija Engineer Online Portal?

CVE-2024-0181 is a cross-site scripting vulnerability in the RRJ Nueva Ecija Engineer Online Portal versions 1.0-1.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2024-0181 in RRJ Nueva Ecija Engineer Online Portal?

If you are running RRJ Nueva Ecija Engineer Online Portal version 1.0 or 1.0, you are potentially affected by this vulnerability.

How do I fix CVE-2024-0181 in RRJ Nueva Ecija Engineer Online Portal?

Upgrade to version 1.0.1 or later to resolve the vulnerability. Implement input validation and output encoding as a temporary workaround.

Is CVE-2024-0181 being actively exploited?

While no confirmed active exploitation campaigns have been reported, the public disclosure increases the risk of exploitation.

Where can I find the official RRJ Nueva Ecija Engineer Online Portal advisory for CVE-2024-0181?

Refer to the vendor's official website or security advisories for the most up-to-date information regarding CVE-2024-0181.

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索