Lucene search

[email protected]CVE-2024-5961

HistoryJun 14, 2024 - 8:15 a.m.

CVE-2024-5961

2024-06-1408:15:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-5961

web page generation

reflected cross-site scripting

input neutralization

5.3 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L/AU:Y/U:Clear/R:A

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user’s browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "2ClickPortal",
    "vendor": "Trol InterMedia Sp. z o.o. Sp. k.",
    "versions": [
      {
        "lessThanOrEqual": "7.6.4",
        "status": "affected",
        "version": "7.2.31",
        "versionType": "custom"
      }
    ]
  }
]

References

2clickportal.pl/

cert.pl/en/posts/2024/06/CVE-2024-5961/

cert.pl/posts/2024/06/CVE-2024-5961/