{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:41:13.456","vulnerabilities":[{"cve":{"id":"CVE-2024-3448","sourceIdentifier":"vulnerability@ncsc.ch","published":"2024-04-10T14:15:07.937","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Users with low privileges can perform certain AJAX actions.  In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.\n\n"},{"lang":"es","value":"Los usuarios con pocos privilegios pueden realizar ciertas acciones AJAX. En este caso de vulnerabilidad, el acceso inadecuado a ajax?action=plugin:focus:checkIframeAvailability conduce a Server-Side Request Forgery al analizar los mensajes de error devueltos desde el back-end. Permitir que un atacante realice un escaneo de puertos en el back-end. En el momento de publicación del CVE no hay ningún parche disponible."}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0","source":"vulnerability@ncsc.ch"},{"url":"https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}