Lucene search
TR-CERTCVE-2024-4754HistoryJun 24, 2024 - 9:15 a.m.
CVE-2024-4754
2024-06-2409:15:10
CWE-79
TR-CERT
web.nvd.nist.gov
22
cve-2024-4754
cross-site scripting
next4biz crm
business process management
stored xss
software vulnerability
web page generation
version 6.6.4.4 to 6.6.4.5
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.1%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Business Process Manangement (BPM)",
"vendor": "Next4Biz CRM & BPM Software",
"versions": [
{
"lessThan": "6.6.4.5",
"status": "affected",
"version": "6.6.4.4",
"versionType": "custom"
}
]
}
]References
Related
nvd
nvd
CVE-2024-4754
2024-06-24 09:15:10
cvelist
cvelist
CVE-2024-4754 Stored XSS in Next4Biz's BPM
2024-06-24 09:01:13
vulnrichment
vulnrichment
CVE-2024-4754 Stored XSS in Next4Biz's BPM
2024-06-24 09:01:13
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.1%
Related for CVE-2024-4754