CVE-2024-36076

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-36076

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36076.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36076

Related

GHSA-2vfc-3h43-vghh

Published

2024-05-19T20:15:07Z

Modified

2025-05-28T10:39:21.000618Z

Summary

[none]

Details

Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.

References

Affected packages

Git / github.com/syslifters/sysreptor

Affected ranges

Type: GIT
Repo: https://github.com/syslifters/sysreptor
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5e3b750ed7d5f57459b5e7d411aa67cf31a639d1

Fixed

5e3b750ed7d5f57459b5e7d411aa67cf31a639d1

Affected versions

0.*

0.101

0.102

0.110

0.83

0.87

0.89

0.95

0.96

2023.*

2023.114

2023.119

2023.122

2023.128

2023.136

2023.142

2023.145

2024.*

2024.1

2024.10

2024.13

2024.16

2024.19

2024.20

2024.28

2024.29

2024.3

2024.30

2024.8