CVE-2024-42904 | SysPass 3.2.x ClientController.php name cross site scripting

Inserito da Angelo Barbosa | Set 3, 2024 | CVE

A vulnerability, which was classified as problematic, was found in SysPass 3.2.x. Affected is an unknown function of the file /Controllers/ClientController.php. The manipulation of the argument name leads to cross site scripting.

This vulnerability is traded as CVE-2024-42904. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-42904 | SysPass 3.2.x ClientController.php name cross site scripting

Post correlati

CVE-2023-7203 | Smart Forms Plugin up to 2.6.86 on WordPress AJAX Action cross-site request forgery

CVE-2024-38567 | Linux Kernel up to 6.9.2 drivers/usb/core/urb.c denial of service

CVE-2023-49836 | Cookie Bar Plugin up to 2.0 on WordPress Setting cross site scripting

CVE-2024-38525 | DataDog dd-trace-cpp up to 0.2.1 denial of service (GHSA-rf3p-mg22-qv6w)