3 matches found
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2024-11986
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scriptin...
CVE-2024-11986
CVE-2024-11986 involves improper input handling of the Host Header in CrushFTP, allowing an unauthenticated attacker to craft input that is stored in web application logs and can execute when an Administrator views the logs. Connected sources identify CrushFTP as the affected product and note the...