Lucene search
K

4 matches found

NVD
NVD
added 2024/12/27 8:15 p.m.22 views

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

4.8CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.14 views

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

0.00263EPSS
Exploits0References2
CVE
CVE
added 2024/12/27 12:0 a.m.57 views

CVE-2024-54451

Kurmi Provisioning Suite is affected by an XSS flaw in the graphicCustomization.do page. The vulnerability allows an authenticated system administrator to inject arbitrary web script or HTML through the COMPONENT_fields(htmlTitle) field, which can be rendered on other pages for all users if graph...

4.8CVSS5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/27 12:0 a.m.6 views

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

5.9AI score0.00263EPSS
Exploits0References2
Rows per page
Query Builder