Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:6 a.m.7 views

CVE-2024-28734

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter...

6.1CVSS6.8AI score0.01791EPSS
Exploits1References1
Circl
Circl
added 2024/03/19 3:26 p.m.40 views

CVE-2024-28734

creationtimestamp| type| source ---|---|--- 2024-03-19 15:26:59+00:00| seen| https://t.me/ctinow/211604 2024-04-07 22:02:52+00:00| seen| https://t.me/arpsyndicate/4382 2025-02-04 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-04 2025-05-15 00:00:00+00:00|...

6.1CVSS5.8AI score0.01791EPSS
In wildExploits1References4
CVE
CVE
added 2024/03/19 12:0 a.m.116 views

CVE-2024-28734

CVE-2024-28734 describes a Cross‑Site Scripting vulnerability in Unit4 Financials by Coda, affecting versions prior to 2023Q4. The vulnerability resides in the /coda/frameset endpoint where the cols parameter is reflected without proper sanitization, allowing an attacker to inject JavaScript that...

6.1CVSS6.8AI score0.01791EPSS
In wildExploits1References3
Packet Storm
Packet Storm
added 2024/03/15 12:0 a.m.392 views

Financials By Coda Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: HTTP/2 Host: TIMELINE – 30/10/2023: Vulnerability found – 02/11/2023: Vendor informed – 05/12/2023:...

7.4AI score0.01791EPSS
Exploits1
Rows per page
Query Builder