An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
References
Link | Resource |
---|---|
https://www.veritas.com/content/support/en_US/security/VTS24-010 | Vendor Advisory |
Configurations
History
13 Nov 2024, 15:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
First Time |
Veritas
Veritas data Insight |
|
CPE | cpe:2.3:a:veritas:data_insight:*:*:*:*:*:*:*:* | |
References | () https://www.veritas.com/content/support/en_US/security/VTS24-010 - Vendor Advisory |
06 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. |
04 Oct 2024, 13:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Oct 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-04 06:15
Updated : 2024-11-26 16:15
NVD link : CVE-2024-47854
Mitre link : CVE-2024-47854
CVE.ORG link : CVE-2024-47854
JSON object : View
Products Affected
veritas
- data_insight
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')