CVE-2024-44449

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Quorum onQ OS version 6.0.0.5.2064

Description The issue allows a remote attacker to obtain sensitive information via the msg parameter in the "Login page" API endpoint. This is a Cross Site Scripting vulnerability.

Recommendations For Quorum onQ OS version 6.0.0.5.2064, consider disabling the msg parameter in the Login page until a patch is available. Restrict access to the Login page to minimize the risk of exploitation. Avoid using the msg parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-44449

Affected Products

Quorum Onq Os

CVE-2024-44449

Weakness Enumeration

Related Identifiers

Affected Products

References · 6