CVE-2024-7124 MEDIUM

CVE-2024-7124: Reflected XSS in DInGO dLibra

Vendor Poznan Supercomputing And Networking Center
Product DInGO dLibra
Weakness CWE-79 · XSS
Published November 14, 2024
Last update November 14, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Green

What the vulnerability does

01 Description

An Improper Neutralization of Input During Web Page Generation vulnerability in the 'filter' parameter of the 'indexsearch' endpoint in DInGO dLibra software allows Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.

Key dates

02 Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated