CVE-2024-0758 - Vulnerability Details - OpenCVE

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ipb-halle	Molecularfaces

Configuration 1 [-]

cpe:2.3:a:ipb-halle:molecularfaces:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/advisories/GHSA-2pwh-52h7-7j84
https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84
https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2024-01-19T20:19:40.558Z

Updated: 2024-08-01T18:18:18.652Z

Reserved: 2024-01-19T17:35:18.459Z

Link: CVE-2024-0758

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-19T21:15:09.600

Modified: 2024-11-21T08:47:18.590

Link: CVE-2024-0758

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0758", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2024-01-19T17:35:18.459Z", "datePublished": "2024-01-19T20:19:40.558Z", "dateUpdated": "2024-08-01T18:18:18.652Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "de.ipb-halle:molecularfaces", "versions": [{"lessThan": "0.3.0", "status": "affected", "version": "0", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.<br></p>"}], "value": "MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.\n\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2024-01-19T20:19:40.558Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84"}, {"tags": ["third-party-advisory"], "url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84"}], "source": {"discovery": "INTERNAL"}, "title": "MolecularFaces XSS"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.652Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipb-halle:molecularfaces:*:*:*:*:*:*:*:*", "matchCriteriaId": "D088D106-C946-4483-BAB7-BDF8B4153563", "versionEndExcluding": "0.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.\n\n\n"}, {"lang": "es", "value": "MolecularFaces anteriores a 0.3.0 son vulnerables a cross site scripting. Un atacante remoto puede ejecutar JavaScript arbitrario en el contexto del navegador de la v\u00edctima a trav\u00e9s de archivos mol manipulados."}], "id": "CVE-2024-0758", "lastModified": "2024-11-21T08:47:18.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T21:15:09.600", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-2pwh-52h7-7j84"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}