Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-7873

Sept. 20, 2024, 12:30 p.m.

Product(s) Impacted

Veribilim Software Veribase Order

  • before v4.010.3

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers.This issue affects Veribase Order: before v4.010.3.

Weaknesses

CWE-116
Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CWE ID: 116

Date

Published: Sept. 17, 2024, 1:15 p.m.

Last Modified: Sept. 20, 2024, 12:30 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

iletisim@usom.gov.tr

References

https://www.usom.gov.tr/ iletisim@usom.gov.tr