CVE-2024-6415 | Ingenico Estate Manager 2023 New Widget URL cross site scripting

A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting.

This vulnerability is known as CVE-2024-6415. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-6415 | Ingenico Estate Manager 2023 New Widget URL cross site scripting

Post correlati

CVE-2024-39558 | Juniper Networks Junos OS/Junos OS Evolved Routing Protocol Daemon return value (JSA83018)

CVE-2024-5149 | BuddyForms Plugin up to 2.8.9 on WordPress Email Verification random values

CVE-2024-24811 | zopefoundation SQLAlchemyDA up to 2.1 sql injection (GHSA-r3jc-3qmm-w3pw)

CVE-2024-7305 | Autodesk AutoCAD 2025 DWF File AdDwfPdk.dll out-of-bounds write