CVE-2024-8776 MEDIUM

CVE-2024-8776: INTUMIT SmartRobot - Cross-site Scripting

Vendor Intumit

Product SmartRobot

Weakness CWE-79 · XSS

Published September 16, 2024

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks.

Key dates

02Disclosure timeline

September 16, 2024 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-8776

Related vulnerabilities

04Related CVE

CVE-2026-1439 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface CVE-2023-46094 WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS) CVE-2025-54684 WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability CVE-2023-6697 WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting CVE-2024-36110 Cross-site scripting in ansibleguy-webui