Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
CemiPark
- 4.5
- 4.7
- 5.03
Source
cvd@cert.pl
Tags
CVE-2024-4424 details
Published : May 14, 2024, 3:43 p.m.
Last Modified : May 14, 2024, 4:11 p.m.
Last Modified : May 14, 2024, 4:11 p.m.
Description
The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| http://cemi.pl/ | cvd@cert.pl |
| https://cert.pl/en/posts/2024/05/CVE-2024-4423/ | cvd@cert.pl |
| https://cert.pl/posts/2024/05/CVE-2024-4423/ | cvd@cert.pl |
This website uses the NVD API, but is not approved or certified by it.