CVE-2024-28287
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-28287
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GBG Instinct 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GBG Instinct是GBG公司的一款先进的反欺诈和合规管理解决方案。 GBG Instinct UI Web Client 6.5.0版本存在安全漏洞,该漏洞源于returnUrl 参数中存在开放重定向漏洞,允许攻击者通过精心设计的 URL 将用户重定向到恶意站点。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2024-28287
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-28287
请登录查看更多情报信息。
Same Patch Batch · n/a · 2024-04-02 · 35 CVEs total
| CVE-2024-22246 | 7.4 HIGH | VMware SD-WAN 安全漏洞 |
| CVE-2024-3204 | 7.3 HIGH | c-blosc2 ndlz4x4.c ndlz4_decompress heap-based overflow |
| CVE-2024-3203 | 7.3 HIGH | c-blosc2 ndlz8x8.c ndlz8_decompress heap-based overflow |
| CVE-2024-22248 | 7.1 HIGH | VMware SD-WAN Orchestrator 安全漏洞 |
| CVE-2024-3148 | 6.3 MEDIUM | DedeCMS makehtml_archives_action.php sql injection |
| CVE-2024-3209 | 5.5 MEDIUM | UPX bele.h get_ne64 heap-based overflow |
| CVE-2024-22247 | 4.8 MEDIUM | VMware SD-WAN 安全漏洞 |
| CVE-2024-3147 | 4.3 MEDIUM | DedeCMS makehtml_map.php cross-site request forgery |
| CVE-2024-3143 | 4.3 MEDIUM | DedeCMS member_rank.php cross-site request forgery |
| CVE-2024-3144 | 4.3 MEDIUM | DedeCMS makehtml_spec.php cross-site request forgery |
| CVE-2024-3145 | 4.3 MEDIUM | DedeCMS makehtml_js_action.php cross-site request forgery |
| CVE-2024-3146 | 4.3 MEDIUM | DedeCMS makehtml_rss_action.php cross-site request forgery |
| CVE-2024-27602 | ALLDATA 安全漏洞 | |
| CVE-2024-29434 | ALLDATA 安全漏洞 | |
| CVE-2024-29432 | ALLDATA SQL注入漏洞 | |
| CVE-2024-27605 | ALLDATA 安全漏洞 | |
| CVE-2024-27604 | ALLDATA 安全漏洞 | |
| CVE-2024-30946 | Desdev DedeCMS 安全漏洞 | |
| CVE-2024-29276 | seeyonOA 安全漏洞 | |
| CVE-2024-31002 | Bento4 安全漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-28287
No comments yet