Lucene search

CERT-PLCVELIST:CVE-2024-5961

HistoryJun 14, 2024 - 7:48 a.m.

CVE-2024-5961 Reflected XSS in 2ClickPortal

2024-06-1407:48:25

CWE-79

CERT-PL

www.cve.org

cve-2024-5961

reflected xss

2clickportal

software vulnerability

crafted url

user's browser

security issue

web page generation

5.3 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/SC:L/VI:L/SI:L/VA:L/SA:L/AU:Y/U:Clear/R:A

0.0004 Low

EPSS

Percentile

15.6%

JSON

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user’s browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "2ClickPortal",
    "vendor": "Trol InterMedia Sp. z o.o. Sp. k.",
    "versions": [
      {
        "lessThanOrEqual": "7.6.4",
        "status": "affected",
        "version": "7.2.31",
        "versionType": "custom"
      }
    ]
  }
]

References

2clickportal.pl/

cert.pl/en/posts/2024/06/CVE-2024-5961/

cert.pl/posts/2024/06/CVE-2024-5961/