CVE-2024-52268 MEDIUM

CVE-2024-52268

Vendor Vektor,Inc.
Product VK All in One Expansion Unit
Weakness CWE-79 · XSS
Published November 13, 2024
Last update November 13, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
November 13, 2024 Record updated