6 matches found
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
CVE-2024-56882
CVE-2024-56882 affects Sage DPW before 2024_12_000. Affected component: Kurstitel and Kurzinfo input fields where low-privileged users with the employee role can permanently store JavaScript. The injected payload is executed for each authenticated user who views/interacts with the modified data. ...