CVE-2024-8783

MEDIUM EPSS 30.5%
Published Sep 13, 20241y ago · Modified Jun 17, 20261w ago
5.3 CVSS 4.0
Medium
Find Similar
Published Sep 13, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.

CVSS Details

Base Score
5.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
30.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
opentibiabrmyaac* ≤0.8.16

References 6

  • github.com https://github.com/opentibiabr/myaac/issues/121
    Exploit
  • github.com https://github.com/opentibiabr/myaac/pull/122
    Issue TrackingPatch
  • github.com https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c
    Patch
  • vuldb.com https://vuldb.com/?ctiid.277434
    Permissions Required
  • vuldb.com https://vuldb.com/?id.277434
    Permissions Required
  • vuldb.com https://vuldb.com/?submit.406368
    Third Party Advisory

Remediation

  • github.com https://github.com/opentibiabr/myaac/pull/122
    Issue TrackingPatch
  • github.com https://github.com/opentibiabr/myaac/pull/122/commits/bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c
    Patch