Lucene search

INCIBECVELIST:CVE-2024-4174

HistoryApr 25, 2024 - 11:44 a.m.

CVE-2024-4174 Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server

2024-04-2511:44:30

CWE-79

INCIBE

www.cve.org

cve-2024-4174

cross-site scripting

hyperion web server

version 2.0.15

client-side injection

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Hyperion Web Server",
    "vendor": "Hyperion",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.15"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hyperion-web-server

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-4174