Lucene search

MitreVULNRICHMENT:CVE-2024-36599

HistoryJun 14, 2024 - 12:00 a.m.

CVE-2024-36599

2024-06-1400:00:00

mitre

github.com

aegon life

xss

insertclient.php

cve-2024-36599

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

16.8%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.

References

github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36599