CVE-2024-28734

CVSS 6.1 MEDIUMEPSS 1.8%CWE-79

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html https://www.unit4.com/https://www.unit4.com/products/financial-management-software