CVE-2024-50623

Oct. 28, 2024, 9:15 p.m.

Product(s) Impacted

Cleo Harmony

  • before 5.8.0.20

VLTrader

  • before 5.8.0.20

LexiCom

  • before 5.8.0.20

Description

In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code execution.

Weaknesses

Date

Published: Oct. 28, 2024, 12:15 a.m.

Last Modified: Oct. 28, 2024, 9:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References