Wavelog up to 1.8.0 Live QSO Manual Input XSS Vulnerability (CVE-2024-8521)

Key Information 1. Vulnerability ID: - VDB-276726 - CVE-2024-8521 2. Vulnerability Name: - Wavelog up to 1.8.0 Live QSO/QSO Index Manual Cross Site Scripting 3. CVSS Meta Temp Score: - 4.1 4. Current Vulnerability Price: - $0-$5k 5. CTI Interest Score: - 4.07 6. Affected Component: - Wavelog up to 1.8.0 - Live QSO 7. Affected Function: - of the file 8. Vulnerability Description: - The vulnerability arises from improper handling of the parameter in the function, leading to a Cross-Site Scripting (XSS) attack due to unvalidated input. 9. Impact: - Affects the Live QSO component of the file. - Allows remote attackers to exploit unvalidated input. 10. Remediation: - Upgrade to version 1.8.1 to resolve the issue. - A patch is available for download from GitHub. - Best mitigation is to upgrade to the latest version. 11. Vulnerability Disclosure: - The vulnerability has been publicly disclosed. - Successful exploitation requires user interaction. - Technical details and public exploitation are known. 12. Exploit Availability: - Exploit code is publicly available. - The exploit is marked as "proof-of-concept". 13. CVE ID: - CVE-2024-8521 14. MITRE ATT&CK Mapping: - The vulnerability is mapped to T1059.007 by MITRE ATT&CK. 15. Affected Versions: - Wavelog up to 1.8.0 16. Related Vulnerability IDs: - VDB-230082 - VDB-248221 - VDB-250585 - VDB-250587 Summary This vulnerability is a Cross-Site Scripting (XSS) flaw affecting the Wavelog up to 1.8.0 Live QSO/QSO Index component. The exploit is straightforward, requires no authentication, and technical details are publicly available. Users are advised to upgrade to version 1.8.1 or apply the available patch to mitigate the issue.

Goal Reached Thanks to every supporter — we hit 100%!

Wavelog up to 1.8.0 Live QSO Manual Input XSS Vulnerability (CVE-2024-8521)