- Description
- DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 3.5
- Impact score
- 2.5
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
- Severity
- LOW
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
PHP Voyager flaws lead to RCE #PHPVoyager #CVE-2024-55415 #CVE-2024-55416 #CVE-2024-55417 https://t.co/GeluTmgMM4
@pravin_karthik
31 Jan 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Laravel admin package Voyager vulnerable to one-click RCE flaw: https://t.co/jHHbFb68Dy Three vulnerabilities in the Laravel admin package Voyager could lead to remote code execution (RCE) attacks. CVE-2024-55417 allows file uploads bypassing MIME verification, CVE-2024-55416… h
@securityRSS
30 Jan 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-55416 DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascrip… https://t.co/rfQp5DRayF
@CVEnew
30 Jan 2025
284 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Laravelの管理用パッケージVoyagerにワンクリック遠隔コード実行(RCE)の未修正脆弱性。SonarSource社報告。メンテナから90日以内に応答が無かったための開示。メディアアップロードのMIME検証不備CVE-2024-55417、XSSのCVE-2024-55416、ファイルパス操作のCVE-2024-55415。 https://t.co/rVaCHJ7WMs https://t.co/mpL0cJfxqh
@__kokumoto
29 Jan 2025
660 Impressions
2 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes