CVE-2024-7874

CVSS V2 None CVSS V3 None
Description
Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx" This allows for injection of a malicious JavaScript code, leading to a possible information leak.  Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack.
Overview
  • CVE ID
  • CVE-2024-7874
  • Assigner
  • CERT-PL
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-06T20:54:40.934Z
  • Last Modified Date
  • 2024-12-06T20:54:40.934Z
History
Created Old Value New Value Data Type Notes
2024-12-07 13:12:16 Added to TrackCVE