免费扫描
LOWCVE-2024-0181CVSS 2.4

RRJ Nueva Ecija Engineer Online Portal Admin Panel admin_user.php cross site scripting

翻译中…

平台

php

组件

rrj-nueva-ecija-engineer-online-portal

修复版本

1.0.1

AI Confidence: highNVDEPSS 0.1%已审阅: 2026年5月
在NVD查看
保存
正在翻译为您的语言…

CVE-2024-0181 is a cross-site scripting (XSS) vulnerability affecting the RRJ Nueva Ecija Engineer Online Portal. This vulnerability allows attackers to inject malicious scripts into the portal, potentially leading to session hijacking or defacement. The vulnerability impacts versions 1.0 through 1.0 and has been addressed in version 1.0.1.

影响与攻击场景翻译中…

Successful exploitation of CVE-2024-0181 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the RRJ Nueva Ecija Engineer Online Portal. This can be leveraged to steal session cookies, redirect users to malicious websites, or modify the content displayed on the portal. The impact is particularly concerning for administrative users, as compromised accounts could grant attackers access to sensitive data and control over the portal's functionality. The vulnerability's remote accessibility and public disclosure increase the likelihood of exploitation.

利用背景翻译中…

CVE-2024-0181 has been publicly disclosed and a proof-of-concept may be available. The vulnerability's LOW CVSS score reflects the relatively limited impact and ease of mitigation. As of the time of writing, no confirmed active exploitation campaigns have been reported, but the public disclosure warrants immediate attention and remediation.

哪些人处于风险中翻译中…

Administrators of the RRJ Nueva Ecija Engineer Online Portal are at the highest risk, as a compromised admin account could grant attackers full control over the portal. Users who rely on the portal for critical data or services are also at risk, as their sessions could be hijacked or their data exposed.

检测步骤翻译中…

• generic web: Use curl to test the /admin/admin_user.php endpoint with various payloads containing <script> tags. Examine the response for signs of script execution.

curl -X POST -d 'Firstname=<script>alert(1)</script>' http://your-portal/admin/admin_user.php

• generic web: Review access and error logs for suspicious requests targeting /admin/admin_user.php containing XSS payloads. • php: Examine the source code of /admin/admin_user.php for inadequate input validation or output encoding of the Firstname, Lastname, and Username parameters.

攻击时间线

  1. Disclosure

    disclosure

  2. Patch

    patch

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

EPSS

0.13% (32% 百分位)

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N2.4LOWAttack VectorNetwork攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredHigh攻击所需的认证级别User InteractionRequired是否需要受害者采取行动ScopeUnchanged超出受影响组件的影响范围ConfidentialityNone敏感数据泄露风险IntegrityLow数据未授权篡改风险AvailabilityNone服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
高 — 需要管理员或特权账户。
User Interaction
需要 — 受害者必须打开文件、点击链接或访问特制页面。
Scope
未改变 — 影响仅限于脆弱组件本身。
Confidentiality
无 — 无机密性影响。
Integrity
低 — 攻击者可修改部分数据,影响有限。
Availability
无 — 无可用性影响。

受影响的软件

组件rrj-nueva-ecija-engineer-online-portal
供应商RRJ
影响范围修复版本
1.0 – 1.01.0.1

弱点分类 (CWE)

CWE-79

时间线

  1. 已保留
  2. 发布日期
  3. 修改日期
  4. EPSS 更新日期

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2024-0181 is to upgrade the RRJ Nueva Ecija Engineer Online Portal to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /admin/admin_user.php page to sanitize user-supplied data. While a direct WAF rule is difficult without specific payload examples, general XSS prevention rules can offer some protection. Regularly review and update the portal's codebase to address potential security vulnerabilities.

修复方法翻译中…

Actualizar el RRJ Nueva Ecija Engineer Online Portal a una versión parcheada o implementar medidas de saneamiento de entrada en el archivo /admin/admin_user.php para evitar la ejecución de código XSS. Validar y escapar los datos de entrada de los campos Firstname, Lastname y Username antes de mostrarlos en la página.

CVE 安全通讯

漏洞分析和关键警报直接发送到您的邮箱。

常见问题翻译中…

What is CVE-2024-0181 — XSS in RRJ Nueva Ecija Engineer Online Portal?

CVE-2024-0181 is a cross-site scripting vulnerability in the RRJ Nueva Ecija Engineer Online Portal versions 1.0-1.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2024-0181 in RRJ Nueva Ecija Engineer Online Portal?

If you are running RRJ Nueva Ecija Engineer Online Portal version 1.0 or 1.0, you are potentially affected by this vulnerability.

How do I fix CVE-2024-0181 in RRJ Nueva Ecija Engineer Online Portal?

Upgrade to version 1.0.1 or later to resolve the vulnerability. Implement input validation and output encoding as a temporary workaround.

Is CVE-2024-0181 being actively exploited?

While no confirmed active exploitation campaigns have been reported, the public disclosure increases the risk of exploitation.

Where can I find the official RRJ Nueva Ecija Engineer Online Portal advisory for CVE-2024-0181?

Refer to the vendor's official website or security advisories for the most up-to-date information regarding CVE-2024-0181.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE