PT-2024-37345 · Sowa Opac · Sowa Opac
Kacper Rybczyński +1 · Published 2024-07-01 · Updated 2024-08-15 · CVE-2024-6050
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SOWA OPAC versions 4.0 through 4.9.10
SOWA OPAC versions 5.0 through 6.2.12
Description:
The issue allows for Reflected Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. An attacker could trick a user into using a crafted URL, causing a script to run in the user's browser.
Recommendations:
For SOWA OPAC versions 4.0 through 4.9.10, update to version 4.9.10 or later.
For SOWA OPAC versions 5.0 through 6.2.12, update to version 6.2.12 or later.
Fix
XSS
Affected Products
Sowa Opac