CVE-2024-7873

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XSS), Exploit Script-Based APIs, XSS Through HTTP Headers.

This issue affects Veribase Order: before v4.010.3.

Affected Software

VendorProductVersion RangeStatus
Veribilim SoftwareVeribase Order0 < v4.010.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
  • CWE-116: CWE-116 Improper Encoding or Escaping of Output
  • CWE - 83 Improper Neutralization of Script in Attributes in a Web Page

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References