Strix
26.1K

CVE-2024-43381

MEDIUMCVSS 5.4/10EPSS 0.42%

Last modified

CVE-2024-43381 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.42%

33.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
YogeshojhaRengine< 2.1.3

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-43381?
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain's DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine's dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
How severe is CVE-2024-43381?
CVE-2024-43381 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2024-43381?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-43381?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST