CVE-2024-42020 HIGH

CVE-2024-42020

Vendor Veeam
Product One
Published September 7, 2024
Last update October 27, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.

Key dates

02Disclosure timeline

September 7, 2024 CVE published
October 27, 2024 Record updated