4 matches found
CVE-2024-54451
A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...
CVE-2024-54451
A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...
CVE-2024-54451
Kurmi Provisioning Suite is affected by an XSS flaw in the graphicCustomization.do page. The vulnerability allows an authenticated system administrator to inject arbitrary web script or HTML through the COMPONENT_fields(htmlTitle) field, which can be rendered on other pages for all users if graph...
CVE-2024-54451
A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...