PT-2024-25049 · Unknown · Data Provisioning Service
Published
2024-05-14
·
Updated
2024-05-14
·
CVE-2024-33002
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Data Provisioning Service (affected versions not specified)
Description
The issue is related to the Document Service handler in the Data Provisioning Service, which does not properly encode user-controlled inputs. This results in a Cross-Site Scripting (XSS) issue, affecting the Confidentiality and Integrity of the application, with low impact.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Data Provisioning Service