CVE-2024-12021 HIGH

CVE-2024-12021: Stored Cross-Site Scripting

Vendor Black Duck

Product Coverity

Weakness CWE-79 · XSS

Published March 31, 2025

Last update March 31, 2025

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting.

Key dates

02Disclosure timeline

March 31, 2025 CVE published

March 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12021

Related vulnerabilities

04Related CVE

CVE-2026-30238 Group-Office: Reflected XSS in JavaScript context CVE-2026-24626 WordPress Logo Slider plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2026-32542 WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-8872 Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2026-42734 WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability