PT-2024-20044 · S/Notify · S/Notify
Published
2024-04-10
·
Updated
2025-06-17
·
CVE-2024-23735
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
S/Notify versions prior to 4.0.0 for Confluence
Description
A Cross Site Scripting (XSS) issue exists in the S/MIME certificate upload functionality of the User Profile pages, allowing attackers to manipulate user data via specially crafted certificates.
Recommendations
For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
S/Notify