PT-2024-29475 · Unknown · Aml Surety Eco
Alemusix
·
Published
2024-07-29
·
Updated
2024-08-01
·
CVE-2024-41640
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AML Surety Eco versions up to 3.5
Description
The issue allows an attacker to run arbitrary code via a crafted GET request using the
id parameter. This is a Cross Site Scripting (XSS) issue.Recommendations
For AML Surety Eco versions up to 3.5, avoid using the
id parameter in GET requests until a fix is available. As a temporary workaround, consider restricting access to the affected module to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aml Surety Eco