CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

VulnCheck KEV•added 2025/08/07 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-42852

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component...

6.1CVSS6.2AI score0.03009EPSS

In wildExploits0References2

RedhatCVE•added 2025/05/23 7:26 a.m.•5 views

CVE-2024-42852

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component...

6.1CVSS7.4AI score0.03009EPSS

Exploits0References1

NVD•added 2024/08/23 6:15 p.m.•8 views

CVE-2024-42852

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component...

6.1CVSS0.03009EPSS

Exploits0References1

Positive Technologies•added 2024/08/23 12:0 a.m.•2 views

PT-2024-30185 · Unknown · Acutoweb Server

Name of the Vulnerable Software and Affected Versions: AcuToWeb server version 10.5.0.7577C8b Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "index.php" component. This enables the attacker to perform unauthorized actions on the affected syste...

6.1CVSS6.8AI score0.03009EPSS

Exploits0References7

CVE•added 2024/08/23 12:0 a.m.•54 views

CVE-2024-42852

AcuToWeb server 10.5.0.7577C8b is vulnerable to reflected XSS via the portgw parameter. Unsanitized input is reflected in the response, allowing arbitrary JavaScript execution in a victim’s browser. Root cause: insufficient input validation/output encoding for portgw. Impact: arbitrary JS executi...

6.1CVSS7.4AI score0.03009EPSS

In wildExploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by