CVE-2024-2259 MEDIUM

CVE-2024-2259: Reflected XXS Vulnerability in InstaRISPACS Software

Vendor Meddiff Technologies
Product InstaRISPACS
Weakness CWE-79 · XSS
Published August 13, 2024
Last update August 13, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.

Key dates

02Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated

Related vulnerabilities

04Related CVE