{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T08:25:34.741","vulnerabilities":[{"cve":{"id":"CVE-2024-25155","sourceIdentifier":"df4dee71-de3a-4139-9588-11b62fe6c0ff","published":"2024-03-13T15:15:51.700","lastModified":"2025-01-21T18:59:03.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag. "},{"lang":"es","value":"En FileCatalyst Direct 3.8.8 y versiones anteriores hasta 3.8.6, el servidor web no sanitiza adecuadamente los caracteres ilegales en una URL que luego se muestra en una página de error posterior. Un actor malicioso podría crear una URL que luego ejecutaría código arbitrario dentro de una etiqueta de script HTML."}],"metrics":{"cvssMetricV31":[{"source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortra:filecatalyst_direct:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.8.9","matchCriteriaId":"2EA4E6F4-4EA7-436E-A53C-85FDFBD518C6"}]}]}],"references":[{"url":"https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html","source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","tags":["Release Notes"]},{"url":"https://www.fortra.com/security/advisory/fi-2024-003","source":"df4dee71-de3a-4139-9588-11b62fe6c0ff","tags":["Vendor Advisory"]},{"url":"https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.fortra.com/security/advisory/fi-2024-003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}