CVE-2024-8783

Summary

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Affected is an unknown function of the file system/pages/forum/new_post.php of the component Post Reply Handler. The manipulation of the argument post_topic leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as bf6ae3df0d32fa22552bb44ca4f8489a6e78cc1c. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
OpenTibiaBRMyAAC0.8.0affected
OpenTibiaBRMyAAC0.8.1affected
OpenTibiaBRMyAAC0.8.2affected
OpenTibiaBRMyAAC0.8.3affected
OpenTibiaBRMyAAC0.8.4affected
OpenTibiaBRMyAAC0.8.5affected
OpenTibiaBRMyAAC0.8.6affected
OpenTibiaBRMyAAC0.8.7affected
OpenTibiaBRMyAAC0.8.8affected
OpenTibiaBRMyAAC0.8.9affected
OpenTibiaBRMyAAC0.8.10affected
OpenTibiaBRMyAAC0.8.11affected
OpenTibiaBRMyAAC0.8.12affected
OpenTibiaBRMyAAC0.8.13affected
OpenTibiaBRMyAAC0.8.14affected
OpenTibiaBRMyAAC0.8.15affected
OpenTibiaBRMyAAC0.8.16affected

Weaknesses

  • CWE-79: Cross Site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References