CVE-2024-0184 · CVSS 2.4 (LOW)

RRJ Nueva Ecija Engineer Online Portal Add Enginer edit_teacher.php cross site scripting


Platform

php

Component

rrj-nueva-ecija-engineer-online-portal

Fixed version

1.0.1

AI Confidence: medium · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2024-0184 is a cross-site scripting (XSS) vulnerability affecting the RRJ Nueva Ecija Engineer Online Portal. It allows attackers to inject malicious scripts into the portal, potentially compromising user accounts and data. Only version 1.0 is affected; a patch is available in version 1.0.1.

Impact and attack scenarios

An attacker could leverage this XSS vulnerability to execute arbitrary JavaScript code within the context of a user's browser session on the RRJ Nueva Ecija Engineer Online Portal. This could lead to the theft of sensitive information, such as session cookies, allowing the attacker to impersonate the user. Further exploitation could involve redirecting users to malicious websites, defacing the portal, or injecting malware. The impact is particularly concerning for administrators or users with elevated privileges within the portal, as their actions could be hijacked.

Exploitation context

This vulnerability has been publicly disclosed, and a proof-of-concept may be available. The CVSS score is LOW (2.4): attack complexity is low, but the vector requires high privileges and user interaction, and the potential impact is limited. As of the time of writing, there are no reports of active exploitation campaigns targeting this specific vulnerability. The vulnerability was published on 2024-01-01.

Who is at risk

Administrators and users with access to the /admin/edit_teacher.php page are at the highest risk. Organizations relying on the RRJ Nueva Ecija Engineer Online Portal for critical operations or handling sensitive user data are particularly vulnerable.

Detection steps

• generic web: Use curl to test the /admin/edit_teacher.php endpoint with various payloads in the Firstname and Lastname parameters. Look for reflected XSS behavior in the response.

curl 'http://your-portal-url/admin/edit_teacher.php?Firstname=<script>alert(1)</script>'

• generic web: Examine access and error logs for suspicious requests targeting /admin/edit_teacher.php with unusual parameters or patterns indicative of XSS attempts.

• php: Review the source code of /admin/edit_teacher.php for inadequate input validation or output encoding of the Firstname and Lastname parameters.
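The log review described in the steps above, as an added example that is not part of this page or of the portal's code: the PHP script parses a handful of constructed access-log lines in combined format, keeps only requests for /admin/edit_teacher.php, URL-decodes the Firstname and Lastname parameters, and flags values that carry HTML markup or event-handler fragments. The sample lines, the field names and the decision rule are constructed for the example; adapt the path test and the field list to your own deployment.

```php
<?php
// Added example, not the portal's code: scan access-log lines for requests to
// /admin/edit_teacher.php whose Firstname/Lastname parameters contain markup.
// SAMPLE_LOG holds constructed lines in Apache/Nginx combined log format.

const SAMPLE_LOG = <<<'LOG'
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/edit_teacher.php?id=7&Firstname=Maria&Lastname=Santos HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:02:14 +0000] "GET /admin/edit_teacher.php?Firstname=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2398 "-" "curl/8.4.0"
10.0.0.9 - - [01/Jan/2024:10:02:40 +0000] "GET /admin/edit_teacher.php?Lastname=x%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 2402 "-" "curl/8.4.0"
10.0.0.7 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
LOG;

// Returns the names of suspicious parameters found in one log line, or [] if clean.
function suspiciousParams(string $line): array
{
    // Pull the request target out of the quoted request line.
    if (!preg_match('/"(?:GET|POST) (\S+) HTTP\//', $line, $m)) {
        return [];
    }
    $path = parse_url($m[1], PHP_URL_PATH);
    if ($path !== '/admin/edit_teacher.php') {
        return [];
    }
    $query = parse_url($m[1], PHP_URL_QUERY) ?? '';
    parse_str($query, $params);           // parse_str also URL-decodes the values

    $hits = [];
    foreach (['Firstname', 'Lastname'] as $field) {
        $value = (string)($params[$field] ?? '');
        // Angle brackets, quotes, a javascript: scheme or an on*= handler have
        // no place in a person's name; treat any of them as an XSS probe.
        if (preg_match('/[<>"]|javascript:|\bon\w+\s*=/i', $value)) {
            $hits[] = $field;
        }
    }
    return $hits;
}

// Scans a whole log and returns one finding per suspicious line.
function scanLog(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $n => $line) {
        $hits = suspiciousParams($line);
        if ($hits !== []) {
            $findings[] = ['line' => $n + 1, 'params' => $hits, 'raw' => $line];
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    foreach (scanLog(SAMPLE_LOG) as $f) {
        printf("line %d: suspicious %s -> %s\n", $f['line'], implode(',', $f['params']), $f['raw']);
    }
}
```

Run with `php scan.php`; on the constructed sample it reports lines 2 (Firstname) and 3 (Lastname) and stays silent on the legitimate edit and the unrelated request. Decoding before matching matters: the raw log shows `%3Cscript%3E`, so a pattern applied to the undecoded line would need every encoding variant spelled out.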

Attack timeline

  1. Disclosure

Threat intelligence

Exploitation status

Proof of concept: unknown
CISA KEV: no
Internet exposure

EPSS

0.06% (17th percentile)

CVSS vector

Threat intelligence · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N  2.4 LOW
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector: Network (how the attacker reaches the target). Exploitable remotely over the internet; no physical or local access required. Largest attack surface.
Attack Complexity: Low (conditions needed to exploit). No special conditions; the vulnerability can be exploited reliably.
Privileges Required: High (authentication level the attack needs). An administrator or other privileged account is required.
User Interaction: Required (whether the victim must act). The victim must open a file, click a link or visit a crafted page.
Scope: Unchanged (impact beyond the affected component). Impact is confined to the vulnerable component itself.
Confidentiality: None (risk of sensitive data disclosure). No confidentiality impact.
Integrity: Low (risk of unauthorized data modification). The attacker can modify some data; the impact is limited.
Availability: None (risk of service disruption). No availability impact.

Affected software

Component: rrj-nueva-ecija-engineer-online-portal
Vendor: RRJ
Affected range: 1.0 – 1.0
Fixed version: 1.0.1

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and workarounds

The primary mitigation for CVE-2024-0184 is to upgrade the RRJ Nueva Ecija Engineer Online Portal to version 1.0.1 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the Firstname and Lastname parameters in the /admin/edit_teacher.php file to sanitize user input. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of defense. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the Firstname or Lastname fields and verifying that the script is not executed.
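The input validation and output encoding this section recommends, and the unencoded pattern the php code-review step under Detection steps tells you to look for, as one added PHP example. This is not the portal's code and not taken from the page: it assumes Firstname and Lastname arrive as request parameters and are reflected back into an HTML form, and the validation rule (letters, marks, spaces, dots, hyphens, apostrophes, at most 64 characters) is an assumption you should adjust to the names your portal must accept.

```php
<?php
// Added example, not the portal's own code. Assumes Firstname/Lastname are
// request parameters echoed into an HTML form (an assumption about the app).

// The pattern a code review should flag: raw request data written straight
// into HTML, so a value like <script>alert(1)</script> becomes live markup.
function renderNameFieldUnsafe(string $field, string $value): string
{
    return "<input name=\"$field\" value=\"$value\">";
}

// Input validation: accept only what a name can plausibly contain. The rule
// is an assumption; widen it for the names your users actually have.
function isValidName(string $value): bool
{
    return $value !== '' && mb_strlen($value) <= 64
        && preg_match('/^[\p{L}\p{M} .\'-]+$/u', $value) === 1;
}

// Output encoding: every value reflected into HTML goes through htmlspecialchars
// with ENT_QUOTES, so it is inert in both attribute and element context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderNameFieldSafe(string $field, string $value): string
{
    return '<input name="' . e($field) . '" value="' . e($value) . '">';
}

// Handler sketch: validate first, then encode on output. Rejected input is
// reported by field name rather than being "cleaned" and silently accepted.
function handleEditTeacher(array $params): string
{
    $out = [];
    foreach (['Firstname', 'Lastname'] as $field) {
        $value = (string)($params[$field] ?? '');
        if (!isValidName($value)) {
            return 'Invalid value for ' . e($field);
        }
        $out[] = renderNameFieldSafe($field, $value);
    }
    return implode("\n", $out);
}

// Demonstration on constructed input: the same probe value the detection
// step above sends with curl, plus a legitimate name containing an apostrophe.
if (PHP_SAPI === 'cli') {
    $probe = ['Firstname' => '<script>alert(1)</script>', 'Lastname' => "O'Neil"];
    echo "Unsafe reflection:\n" . renderNameFieldUnsafe('Firstname', $probe['Firstname']) . "\n\n";
    echo "Validated then encoded:\n" . handleEditTeacher($probe) . "\n\n";
    echo "Encoding alone:\n" . renderNameFieldSafe('Firstname', $probe['Firstname']) . "\n";
}
```

Running it with `php edit_teacher_hardened.php` shows the three outcomes side by side: the unsafe renderer emits the script tag verbatim, the validating handler rejects the Firstname probe outright, and the encoding-only renderer turns it into `&lt;script&gt;...` inside the attribute. Output encoding is the control that actually closes the XSS; validation narrows the input but cannot be relied on alone, since a legitimate apostrophe in O'Neil still has to be encoded before it reaches an attribute.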

Remediation

Update the software to a patched version or apply the mitigations provided by the vendor. Sanitize the Firstname/Lastname user inputs to prevent execution of malicious JavaScript code. Consider implementing server-side validation and encoding of data.


Frequently asked questions

What is CVE-2024-0184 — XSS in RRJ Nueva Ecija Engineer Online Portal?

CVE-2024-0184 is a cross-site scripting (XSS) vulnerability in RRJ Nueva Ecija Engineer Online Portal version 1.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2024-0184 in RRJ Nueva Ecija Engineer Online Portal?

You are affected if you are running RRJ Nueva Ecija Engineer Online Portal version 1.0. Check your version and upgrade if necessary.

How do I fix CVE-2024-0184 in RRJ Nueva Ecija Engineer Online Portal?

Upgrade to version 1.0.1 or later. As a temporary measure, implement input validation and output encoding on the affected parameters.

Is CVE-2024-0184 being actively exploited?

There are currently no confirmed reports of active exploitation, but the vulnerability is publicly disclosed and a proof-of-concept may be available.

Where can I find the official RRJ Nueva Ecija Engineer Online Portal advisory for CVE-2024-0184?

Refer to the vendor's official website or security advisories for the latest information regarding CVE-2024-0184.
