CVE-2024-5961 MEDIUM

CVE-2024-5961: Reflected XSS in 2ClickPortal

Vendor Trol Intermedia Sp. Z O.o. Sp. K.
Product 2ClickPortal
Weakness CWE-79 · XSS
Published June 14, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Clear

What the vulnerability does

01Description

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-42335 Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS CVE-2024-25916 WordPress My Calendar plugin <= 3.4.23 - Cross Site Scripting (XSS) vulnerability CVE-2025-47084 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-24002 WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS) CVE-2025-67932 WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability