CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25801

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.1%

CVSS Severity

CVSS v3 Score 6.1

References

https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Stored-Cross-Site-Scripting-69ca7b8805cc448ea12cb8f7ed571fa3?pvs=4
https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Stored-Cross-Site-Scripting-69ca7b8805cc448ea12cb8f7ed571fa3?pvs=4

Products affected by CVE-2024-25801

Skinsoft » S-Museum » Version: 7.02.3

cpe:2.3:a:skinsoft:s-museum:7.02.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25801

Products

Pricing

Contact Us