Kaspersky Advisory

K-NetCat-2024-003 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module

Affected Hardware/Software

NetCat CMS with netshop module v. 6.4.0.24126.2 and possibly others

Severity level

Impact: The vulnerability may allow to execution of javascript code on the site on behalf of the attacked user.

Access Vector: Remote

CVSS v4 Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

CVSS v4 Score

5.9

CVE ID

CVE-2024-8653

Vulnerability description

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.

Remediation

Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch.

Acknowledgements

The vulnerability was discovered by Evgeny Velikoivanenko from Kaspersky (https://kaspersky.com)

References

https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-003.md https://www.cve.org/CVERecord?id=CVE-2024-8653

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

K-NetCat-2024-003.md

K-NetCat-2024-003.md

Kaspersky Advisory

K-NetCat-2024-003 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module

Affected Hardware/Software

Severity level

CVSS v4 Vector

CVSS v4 Score

CVE ID

Vulnerability description

Remediation

Acknowledgements

References

Files

K-NetCat-2024-003.md

Latest commit

History

K-NetCat-2024-003.md

File metadata and controls

Kaspersky Advisory

K-NetCat-2024-003 Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module

Affected Hardware/Software

Severity level

CVSS v4 Vector

CVSS v4 Score

CVE ID

Vulnerability description

Remediation

Acknowledgements

References