CVE-2024-54451 | Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15 graphicCustomization.do COMPONENT_fields cross site scripting

Posted by Angelo Barbosa | Dec 27, 2024 | CVE

A vulnerability was found in Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15 and classified as problematic. Affected by this issue is some unknown functionality of the file graphicCustomization.do. The manipulation of the argument COMPONENT_fields leads to cross site scripting.

This vulnerability is handled as CVE-2024-54451. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-54451 | Kurmi Provisioning Suite up to 7.9.0.34/7.10.0.18/7.11.0.15 graphicCustomization.do COMPONENT_fields cross site scripting

Related Posts

CVE-2024-27896 | Huawei HarmonyOS/EMUI Log Module input validation

CVE-2024-0719 | Tabs Shortcode and Widget Plugin up to 1.17 on WordPress cross site scripting

CVE-2024-1254 | Beijing Baichuo Smart S20 Management Platform up to 20231120 sysmanageajax.php id sql injection

CVE-2024-4519 | Campcodes Complete Web-Based School Management 1.0 teacher_salary_details3.php month cross site scripting