CVE-2024-4174 MEDIUM

CVE-2024-4174: Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server

Vendor Hyperion

Product Hyperion Web Server

Weakness CWE-79 · XSS

Published April 25, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.

Key dates

02Disclosure timeline

April 25, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4174 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-53462 WordPress SAPO Feed plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection CVE-2025-23379 CVE-2023-38121 Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability CVE-2025-53234 WordPress UDesign Core plugin <= 4.14.0 - Cross Site Scripting (XSS) vulnerability