CVE-2024-12346 | Talentera up to 20241128 byt_cv_manager redirect_url cross site scripting

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting.

This vulnerability was named CVE-2024-12346. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-12346 | Talentera up to 20241128 byt_cv_manager redirect_url cross site scripting

Post correlati

CVE-2024-6657 | Silabs EFR32 BLE SDK up to 7.1.1/8.0.0 incorrect synchronization

CVE-2024-39123 | janeczku Calibre-Web up to 0.6.21 edit_book_comments cross site scripting

CVE-2024-39685 | FishAudio Bert-VITS2 up to 2.3 resample data_dir os command injection (GHSL-2024-045)

CVE-2023-50976 | Redpanda up to 23.1.20/23.2.17 Transactions API authorization (Issue 15048)