Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
InstaRISPACS
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-2259 details
Published : Aug. 13, 2024, 11:15 a.m.
Last Modified : Aug. 13, 2024, 12:58 p.m.
Last Modified : Aug. 13, 2024, 12:58 p.m.
Description
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
References
| URL | Source |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0241 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.