CVE-2024-36494
CVSS V2 None
CVSS V3 None
Description
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.
Overview
- CVE ID
- CVE-2024-36494
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-12T12:51:14.761Z
- Last Modified Date
- 2024-12-12T15:14:12.504Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://r.sec-consult.com/imageaccess | third-party-advisory |
https://www.imageaccess.de/?page=SupportPortal&lang=en | patch |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-36494 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36494 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-13 13:31:05 | Added to TrackCVE |