PT-2024-39967 · Newtype · Newtype Webeip
Published
2024-10-14
·
Updated
2024-10-19
·
CVE-2024-9969
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NewType WebEIP version 3.0
Description
The issue is related to improper validation of user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters. This results in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained.
Recommendations
For NewType WebEIP version 3.0, it is recommended to upgrade to the new product, as the affected product is no longer maintained. As a temporary workaround, consider restricting user input validation to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newtype Webeip