4 matches found
CVE-2024-28734
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...
CVE-2024-28734
creationtimestamp| type| source ---|---|--- 2024-03-19 15:26:59+00:00| seen| https://t.me/ctinow/211604 2024-04-07 22:02:52+00:00| seen| https://t.me/arpsyndicate/4382 2025-02-04 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-04 2025-05-15 00:00:00+00:00|...
CVE-2024-28734
CVE-2024-28734 describes a Cross‑Site Scripting vulnerability in Unit4 Financials by Coda, affecting versions prior to 2023Q4. The vulnerability resides in the /coda/frameset endpoint where the cols parameter is reflected without proper sanitization, allowing an attacker to inject JavaScript that...
Financials By Coda Cross Site Scripting
Vulnerability type: Cross-site Scripting Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: HTTP/2 Host: TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023:...