{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T23:29:36.879","vulnerabilities":[{"cve":{"id":"CVE-2024-11986","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2024-12-13T14:15:21.207","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'."},{"lang":"es","value":"El manejo inadecuado de la entrada en el 'Host Header' permite que un atacante no autenticado almacene un payload en los registros de la aplicación web. Cuando un administrador ve los registros mediante la funcionalidad estándar de la aplicación, permite la ejecución de el payload, lo que da como resultado XSS almacenado o 'Cross-Site Scripting'."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://crushftp.com/crush11wiki/Wiki.jsp?page=Update","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}}]}