CVE-2024-11021

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*
cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

History

18 Nov 2024, 19:00

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html - () https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html - () https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html - Third Party Advisory
First Time Vice
Vice webopac
CPE cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) Webopac de Grand Vice Info presenta una vulnerabilidad de Cross-site Scripting almacenado. Los atacantes remotos con privilegios normales pueden inyectar código JavaScript arbitrario en el servidor. Cuando los usuarios visitan la página comprometida, el código se ejecuta automáticamente en su navegador.

11 Nov 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-11 08:15

Updated : 2024-11-18 19:00


NVD link : CVE-2024-11021

Mitre link : CVE-2024-11021

CVE.ORG link : CVE-2024-11021


JSON object : View

Products Affected

vice

  • webopac
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')