CVE-2024-9414 HIGH

CVE-2024-9414: Cross-site Scripting vulnerability in LCDS LAquis SCADA

Vendor Lcds - Leão Consultoria E Desenvolvimento De Sistemas Ltda Me
Product LAquis SCADA
Weakness CWE-79 · XSS
Published October 17, 2024
Last update October 17, 2024

CVSS base score

7.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.

Key dates

02Disclosure timeline

October 17, 2024 CVE published
October 17, 2024 Record updated