Vulnerability CVE-2024-42831
Published: 2024-10-07

Description:
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting
Haythem Arfaoui
24.09.2024
Low
Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting
Haythem Arfaoui
26.09.2024

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
http://elaine.com
http://realtime.com
https://seclists.org/fulldisclosure/2024/Sep/49
Copyright 2024, cxsecurity.com

 

Back to Top