PT-2024-35139 · Unknown · Vk All In One Expansion Unit

Umeda Yuugo

Published

2024-11-13

Updated

2024-11-19

CVE-2024-52268

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions VK All in One Expansion Unit versions prior to 9.100.1.0

Description A cross-site scripting issue exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website using the product. This occurs when the vulnerability is exploited.

Recommendations For versions prior to 9.100.1.0, update to version 9.100.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the product's web interface until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-52268

Affected Products

Vk All In One Expansion Unit

PT-2024-35139 · Unknown · Vk All In One Expansion Unit

CVE-2024-52268

Weakness Enumeration

Related Identifiers

Affected Products

References · 9