How severe is CVE-2022-24851?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2022-24851?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2022-24851

MEDIUM Year: 2022

CVSS v3 Score

4.8

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-22

View all →

Vulnerability Description

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which gets triggered when any other user try to access the edit profile page. The pdf editor tool has an edit pdf profile functionality, the logoFile parameter in it is not properly sanitized and an user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later when a pdf is exported using the edited profile the pdf icon has the image on that path(if image is present). Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.9.1.

CVE-2015-9546

MEDIUM

CVSS:4.8(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker ca...

CWE-222015

CVE-2020-4240

MEDIUM

CVSS:4.8(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbit...

CWE-222020

CVE-2022-20725

MEDIUM

CVSS:4.8(Medium)

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, ex...

CWE-222022

CVE-2024-24569

MEDIUM

CVSS:4.8(Medium)

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable ...

CWE-222024

CVE-2024-8291

MEDIUM

CVSS:4.8(Medium)

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS...

CWE-222024

CVE-2017-10273

MEDIUM

CVSS:4.7(Medium)

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3...

CWE-222017

CVE-2022-24851

Vulnerability Description

Related Vulnerabilities

CVE-2015-9546

CVE-2020-4240

CVE-2022-20725

CVE-2024-24569

CVE-2024-8291

CVE-2017-10273