← volver
CVE-2024-36494

Reflected Cross Site Scripting

CVSS 4.7 MEDIUMEPSS 0.5%CWE-79
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Productos afectados
Image Access GmbH · Scan2Net

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2024/Dec/2https://r.sec-consult.com/imageaccesshttps://www.imageaccess.de/?page=SupportPortal&lang=en