CVE-2024-28734

CVSS 6.1 MEDIUMEPSS 1.8%CWE-79

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html https://www.unit4.com/https://www.unit4.com/products/financial-management-software