Skip to content

Add CVE-2024-39646 (Updated CVEs) #14244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pussycat0x merged 4 commits into from
Dec 9, 2025
Merged

Add CVE-2024-39646 (Updated CVEs) #14244

pussycat0x merged 4 commits into from
Dec 9, 2025

Conversation

@Sourabh-Sahu
Copy link
Contributor

@Sourabh-Sahu Sourabh-Sahu commented Dec 5, 2025
edited
Loading

Add CVE-2024-39646

Improper Neutralization of Input During Web Page Generation (XSS) in Custom 404 Pro <= 3.11.1.

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)
$ nuclei -u https://192.168.2.180/wordpress -t CVE-2024-39646.yaml -var username=admin -var password=admin -debug

debug.txt

Additional References:

@Sourabh-Sahu Sourabh-Sahu changed the title Add CVE-2024-39646 Add CVE-2024-39646 (Updated CVEs) Dec 5, 2025
@github-actions github-actions bot requested a review from pussycat0x December 5, 2025 10:32
@DhiyaneshGeek
Copy link
Member

DhiyaneshGeek commented Dec 8, 2025

Hi @Sourabh-Sahu

As part of the bounty program, we’re closing this report for the following reason: the submitted CVE requires prerequisite data to exploit. Our program scope only covers vulnerabilities that are fully unauthenticated and independently verifiable using JS and HTTP templates.

Thanks for the submission and understanding.

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Dec 8, 2025
@DhiyaneshGeek DhiyaneshGeek reopened this Dec 8, 2025
@DhiyaneshGeek DhiyaneshGeek removed the Done Ready to merge label Dec 8, 2025
@DhiyaneshGeek
Revise CVE-2024-39646 details and scores
5d00b9b 
Updated CVE-2024-39646.yaml with new impact, remediation, and CVSS scores.
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Dec 9, 2025
@pussycat0x
Copy link
Contributor

pussycat0x commented Dec 9, 2025

Hi @saharshtapi, Thank you for sharing this template with the community and for your contribution to this project. Your efforts are greatly appreciated. Cheers!

@pussycat0x pussycat0x merged commit a5585f3 into projectdiscovery:main Dec 9, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pussycat0x pussycat0x pussycat0x approved these changes

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels

Done Ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Sourabh-Sahu @DhiyaneshGeek @pussycat0x