CVE-2024-11021
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Grand Vice info | Webopac | 6 < 6.5.3 | affected |
| Grand Vice info | Webopac | 7 < 7.2.1 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html
- https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.