PT-2024-22886 · Webasyst · Webasyst
Harel Levy
·
Published
2024-04-03
·
Updated
2024-08-27
·
CVE-2024-29413
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Webasyst version 2.9.9
Description
The issue allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. This is a Cross Site Scripting vulnerability.
Recommendations
For Webasyst version 2.9.9, consider disabling the Instant messenger field in the Contact info function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. Avoid using the Instant messenger field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webasyst