Podatność CVE-2024-46409


Publikacja: 2024-10-04

Opis:
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
SeedDMS 6.0.28 Cross Site Scripting
Marco Nappi
02.10.2024

Typ:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 Referencje:
https://demo6.seeddms.org/out/out.LogManagement.php?logname=20240831.log
https://packetstormsecurity.com/files/181974/SeedDMS-6.0.28-Cross-Site-Scripting.html

Copyright 2024, cxsecurity.com

 

Back to Top