PT-2025-1641 · Eura7 · Eura7 Cmsmanager
Sebastian Jeż +1
Published 2025-01-27 · Updated 2025-03-21 · CVE-2024-11348
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Eura7 CMSmanager versions 4.6 and below
Description
The vulnerability is a reflected XSS: the value of the "return" GET request parameter sent to a specific endpoint is reflected into the response, so a crafted value is executed in the browser of a user who opens the link (the CVSS vector records the required user interaction as UI:P).
Recommendations
For Eura7 CMSmanager versions 4.6 and below, apply patch 17012022 to address the vulnerability. As a temporary workaround, consider restricting access to the vulnerable endpoint until the patch is applied, and avoid using the "return" parameter in the affected endpoint until the issue is resolved.
Fix
XSS
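As an added illustration (not Eura7's code; the handler shape, function names and the "Back" link are assumptions), the pattern the advisory describes in Python: an endpoint that reflects its "return" query parameter straight into HTML, beside a hardened version that restricts the value to a same-site path and encodes it on output.

```python
# Added illustration, not Eura7 code: an endpoint that reflects its `return`
# query parameter, first unsafely and then hardened. Handler shape, names and
# the "Back" link are assumptions.
import html
from urllib.parse import parse_qs, urlsplit


def _return_param(query_string: str) -> str:
    """Extract the decoded `return` value from a raw query string ("" if absent)."""
    return parse_qs(query_string).get("return", [""])[0]


def unsafe_render(query_string: str) -> str:
    """Vulnerable pattern: the decoded parameter is concatenated straight into HTML."""
    return '<a href="' + _return_param(query_string) + '">Back</a>'


def safe_return_target(value: str, default: str = "/") -> str:
    """Accept only a same-site absolute path such as /news/item?id=5.

    Anything with a scheme or host (javascript:, http://, //host), a value
    not starting with '/', or one containing control or markup characters
    falls back to `default`, which also closes the open-redirect angle.
    """
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    if not value.startswith("/") or value.startswith("//"):
        return default
    if any(ord(ch) < 0x20 or ch in ' "\'<>\\' for ch in value):
        return default
    return value


def safe_render(query_string: str) -> str:
    """Hardened handler: validate the target, then HTML-encode it on output."""
    target = safe_return_target(_return_param(query_string))
    return '<a href="' + html.escape(target, quote=True) + '">Back</a>'
```

Validation and output encoding are independent layers: the allowlist keeps the parameter from becoming an open redirect, and the encoding keeps any remaining value from breaking out of the attribute.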
Weakness Enumeration
Related Identifiers
Affected Products
Eura7 Cmsmanager