CVE-2024-11021 MEDIUM

CVE-2024-11021: Grand Vice info Webopac - Stored XSS

Vendor Grand Vice Info

Product Webopac

Weakness CWE-79 · XSS

Published November 11, 2024

Last update November 11, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.

Key dates

02Disclosure timeline

November 11, 2024 CVE published

November 11, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11021 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2024-11021

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Grand Vice Info

Product Webopac

Affected ≥ 6 and < 6.5.3

Vendor Grand Vice Info

Product Webopac

Affected ≥ 7 and < 7.2.1

CVE-2024-11021: Grand Vice info Webopac - Stored XSS

01Description

02Disclosure timeline

03References

04Related CVE