CVE-2024-9147 MEDIUM

CVE-2024-9147: HTML Injection in Bna Informatics' PosPratik

Vendor Bna Informatics
Product PosPratik
Weakness CWE-80 · XSS · basic
Published November 4, 2024
Last update June 2, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1.

Key dates

02Disclosure timeline

November 4, 2024 CVE published
June 2, 2026 Record updated