Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-4424

May 14, 2024, 4:11 p.m.

Tags

CWE-79
cvd@cert.pl
2024-05-14
CVE-2024-4424

Product(s) Impacted

CemiPark

  • 4.5
  • 4.7
  • 5.03

Description

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

Weaknesses

Date

Published: May 14, 2024, 3:43 p.m.

Last Modified: May 14, 2024, 4:11 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cvd@cert.pl

References

http://cemi.pl/ cvd@cert.pl
https://cert.pl/ cvd@cert.pl
https://cert.pl/ cvd@cert.pl