CVE-2024-6415 | Ingenico Estate Manager 2023 New Widget URL cross site scripting

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting.

This vulnerability is known as CVE-2024-6415. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6415 | Ingenico Estate Manager 2023 New Widget URL cross site scripting

Post correlati

CVE-2024-24764 | October CMS up to 3.5.14 october Schema redirect (GHSA-v2vf-jv88-3fp5)

CVE-2024-4745 | RafflePress Giveaways and Contests Plugin up to 1.12.4 on WordPress authorization

CVE-2023-51094 | Tenda M3 1.0.0.12(4856) TendaTelnet Privilege Escalation

CVE-2022-32931 | Apple macOS Sandbox access control