CVE-2024-36494

CVSS V2 None CVSS V3 None
Description
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.
Overview
  • CVE ID
  • CVE-2024-36494
  • Assigner
  • SEC-VLab
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-12T12:51:14.761Z
  • Last Modified Date
  • 2024-12-12T15:14:12.504Z
References
History
Created Old Value New Value Data Type Notes
2024-12-13 13:31:05 Added to TrackCVE