CVE-2023-24724

CVSS V2 None CVSS V3 None
Description
A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.
Overview
  • CVE ID
  • CVE-2023-24724
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-03T22:15:07
  • Last Modified Date
  • 2023-04-11T15:46:25
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sas:web_administration_interface:9.4:m2:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-04-17 04:03:38 Added to TrackCVE
2023-04-17 04:03:41 Weakness Enumeration new