TR-CERTCVELIST:CVE-2024-4754CVE-2024-4754 Stored XSS in Next4Biz's BPM
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.2%
Improper Neutralization of Input During Web Page Generation (βCross-site Scriptingβ) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Business Process Manangement (BPM)",
"vendor": "Next4Biz CRM & BPM Software",
"versions": [
{
"lessThan": "6.6.4.5",
"status": "affected",
"version": "6.6.4.4",
"versionType": "custom"
}
]
}
]References
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.2%