CVE-2024-0718

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions liuwy-dlsdys zhglxt version 4.7.7

Description A problematic issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /oa/notify/edit. The manipulation of the notifyTitle argument leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For version 4.7.7, consider disabling the notifyTitle argument in the HTTP POST Request Handler until a patch is available. Restrict access to the /oa/notify/edit file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-0718

Affected Products

Liuwy-Dlsdys Zhglxt

CVE-2024-0718

Weakness Enumeration

Related Identifiers

Affected Products

References · 8