PT-2024-27743 · Sunbird · Sunbird Dcim Dctrack

Published

2024-12-16

Updated

2024-12-17

CVE-2024-37773

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sunbird DCIM dcTrack version 9.1.2

Description An HTML injection issue allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. This can be exploited by attackers with administrative access to inject malicious HTML code.

Recommendations For Sunbird DCIM dcTrack version 9.1.2, consider restricting access to the admin screen until a patch is available. As a temporary workaround, limit the ability of administrators to inject HTML code in the admin panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-37773

Affected Products

Sunbird Dcim Dctrack

PT-2024-27743 · Sunbird · Sunbird Dcim Dctrack

CVE-2024-37773

Weakness Enumeration

Related Identifiers

Affected Products

References · 8