What the vulnerability does
01Description
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVSS base score
7.2/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
September 13, 2024
CVE published
September 13, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo
CVE-2021-32772 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries
CVE-2026-21389 Copeland XWEB and XWEB Pro OS Command Injection
CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
CVE-2024-5421 Authenticated Command Injection
