PT-2024-37274 · Unknown · 2Clickportal

Kacper Rybczyåski

Published

2024-06-14

Updated

2024-06-17

CVE-2024-5961

CVSS v4.0

5.3

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Clear

Name of the Vulnerable Software and Affected Versions: 2ClickPortal versions 7.2.31 through 7.6.4

Description: The issue is related to improper neutralization of input during web page generation, allowing reflected cross-site scripting (XSS). An attacker could trick a user into using a crafted URL, causing a script to run in the user's browser.

Recommendations: For versions 7.2.31 through 7.6.4, update to a version that fixes the improper neutralization of input during web page generation to prevent reflected cross-site scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-5961

Affected Products

2Clickportal

PT-2024-37274 · Unknown · 2Clickportal

CVE-2024-5961

Weakness Enumeration

Related Identifiers

Affected Products

References · 5