CVE-2024-7709— OcoMon URL require_access_recovery.php cross site scripting

CVSS 4.3 · Medium EPSS 0.23% · P45 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7709

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OcoMon URL require_access_recovery.php cross site scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

OcoMon 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OcoMon是Rafael Foster个人开发者的一个帮助台系统。旨在管理支持票证和计算机设备的集成库存控制。 OcoMon 4.0版本存在安全漏洞，该漏洞源于文件/includes/common/require_access_recovery.php的未知处理会导致跨站脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	OcoMon	4.0	-

II. Public POCs for CVE-2024-7709

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-7709

请登录查看更多情报信息。

https://ocomon.com.br/site/atualizacao-de-seguranca/related
https://ocomon.com.br/site/downloads/patch
https://vuldb.com/?ctiid.274205signaturepermissions-required
Submit #388843: OcoMon Software 4.0 Cross Site Scriptingthird-party-advisory
CVE-2024-7709 OcoMon URL require_access_recovery.php cross site scriptingvdb-entry
https://nvd.nist.gov/vuln/detail/CVE-2024-7709

Same Patch Batch · n/a · 2024-08-13 · 13 CVEs total

CVE-2024-7733	3.5 LOW	FastCMS New Article Category Page cross site scripting
CVE-2024-41623		D3D D8801 安全漏洞
CVE-2024-42736		TOTOLINK X5000R 安全漏洞
CVE-2024-42740		TOTOLINK X5000R 安全漏洞
CVE-2024-42737		TOTOLINK X5000R 操作系统命令注入漏洞
CVE-2024-42738		TOTOLINK X5000R 操作系统命令注入漏洞
CVE-2024-42739		TOTOLINK X5000R 操作系统命令注入漏洞
CVE-2024-41711		Mitel 6800 Series 安全漏洞
CVE-2024-41613		Symphony CMS 安全漏洞
CVE-2024-41614		Symphony CMS 安全漏洞
CVE-2024-37015		Ada Web Server 安全漏洞
CVE-2024-36446		Mitel MiVoice MX-ONE 安全漏洞

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-79

V. Comments for CVE-2024-7709

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-7709— OcoMon URL require_access_recovery.php cross site scripting

I. Basic Information for CVE-2024-7709

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-7709

III. Intelligence Information for CVE-2024-7709

Same Patch Batch · n/a · 2024-08-13 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-7709

Leave a comment