PT-2024-34411 · Unknown · M2000 Smart4Web
Published 2024-11-15 · Updated 2024-11-18
CVE-2024-50800
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
M2000 Smart4Web versions prior to 5.020241004
Description:
The issue is a Cross-Site Scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code via the `error` parameter in the URL.
Recommendations:
For versions prior to 5.020241004, update to version 5.020241004 or later to resolve the issue.
As a temporary workaround, consider restricting access to the URL endpoint that accepts the `error` parameter until a patch is available.
Avoid using the `error` parameter in the affected URL endpoint until the issue is resolved.
Exploit · Fix · XSS
Affected Products
M2000 Smart4Web