Back

CVE-2024-4327

April 30, 2024, 1:11 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Apryse WebViewer

  • up to 10.8.0

Source

cna@vuldb.com

Tags

CVE-2024-4327 details

Published : April 30, 2024, 1:15 a.m.
Last Modified : April 30, 2024, 1:11 p.m.

Description

A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.9 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-262419. NOTE: The vendor was contacted early about this disclosure and explains that the documentation recommends a strict Content Security Policy and the issue was fixed in release 10.9.

CVSS Score

1 2 3.5 4 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

3.5

Exploitability Score

Impact Score

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

References

URL Source
https://1drv.ms/b/s!AqJ7dHWS4CD_l0acw2hDjgo-C2zC?e=DOGPmq cna@vuldb.com
https://docs.apryse.com/documentation/web/faq/content-security-policy/#recommended-policy cna@vuldb.com
https://vuldb.com/?ctiid.262419 cna@vuldb.com
https://vuldb.com/?id.262419 cna@vuldb.com
https://vuldb.com/?submit.321231 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.