CVE-2024-2259

Summary

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.

Affected Software

VendorProductVersion RangeStatus
Meddiff TechnologiesInstaRISPACS3.0.0affected
Meddiff TechnologiesInstaRISPACS<=4.0.0 Build 29affected
Meddiff TechnologiesInstaRISPACS<=5.0.0 Build 19affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References