Lucene search

INCIBECVE-2024-4304

HistoryApr 29, 2024 - 12:15 p.m.

CVE-2024-4304

2024-04-2912:15:07

CWE-79

INCIBE

web.nvd.nist.gov

cross-site scripting

gt3 soluciones swal

gestion documental

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

9.0%

JSON

A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion ‘Documental > Seguimiento de Expedientes > Alta de Expedientes’.

Affected configurations

Vulners

Vulnrichment

Node

gt3_solucionesswalRange≤2.0 (r2301)

VendorProductVersionCPE
gt3_solucionesswal*cpe:2.3:a:gt3_soluciones:swal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gt3_soluciones	swal	*	cpe:2.3:a:gt3_soluciones:swal::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SWAL ",
    "vendor": "GT3 Soluciones",
    "versions": [
      {
        "status": "affected",
        "version": "2.0 (r2301)"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/vulnerability-swal-platform-gt3-soluciones