Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank | Third Party Advisory |
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank | Third Party Advisory |
Configurations
History
23 Apr 2025, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ofofonobsdev:hubbank:1.0.2:*:*:*:*:*:*:* | |
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank - Third Party Advisory | |
| First Time |
Ofofonobsdev
Ofofonobsdev hubbank |
21 Nov 2024, 09:42
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank - |
29 Apr 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-29 13:15
Updated : 2025-04-23 16:35
NVD link : CVE-2024-4310
Mitre link : CVE-2024-4310
CVE.ORG link : CVE-2024-4310
JSON object : View
Products Affected
ofofonobsdev
- hubbank
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')