CVE-2024-11986

CVSS V2: None
CVSS V3: None
Description
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, the payload executes, resulting in Stored XSS ('Cross-Site Scripting').
Overview
  • CVE ID: CVE-2024-11986
  • Assigner: ENISA
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-12-13T13:46:54.204Z
  • Last Modified Date: 2024-12-13T20:41:28.545Z
References
History
Created Old Value New Value Data Type Notes
2024-12-14 13:51:30 Added to TrackCVE