Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Nov 2024, 19:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html - Third Party Advisory | |
First Time |
Vice
Vice webopac |
|
CPE | cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:* |
12 Nov 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Nov 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-11 08:15
Updated : 2024-11-18 19:00
NVD link : CVE-2024-11021
Mitre link : CVE-2024-11021
CVE.ORG link : CVE-2024-11021
JSON object : View
Products Affected
vice
- webopac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')