Today > 5 Critical | 14 High | 14 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-11304

Nov. 21, 2024, 10:15 p.m.

Product(s) Impacted

SEH Computertechnik utnserver Pro

  • 20.1.22
  • below

SEH Computertechnik utnserver ProMAX

  • 20.1.22
  • below

SEH Computertechnik INU-100

  • 20.1.22
  • below

Description

Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.

Weaknesses

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE ID: 79

Date

Published: Nov. 18, 2024, 3:15 p.m.

Last Modified: Nov. 21, 2024, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

office@cyberdanube.com

References

https://cyberdanube.com/ office@cyberdanube.com

http://seclists.org/ af854a3a-2127-422b-91ae-364da2661108