CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.
Configurations

No configuration.

History

21 Nov 2024, 09:01

Type Values Removed Values Added
References () https://neroteam.com/blog/f-logic-datacube3-vulnerability-report - () https://neroteam.com/blog/f-logic-datacube3-vulnerability-report -

20 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) F-logic DataCube3 versión 1.0 se ve afectada por una vulnerabilidad de Cross-Site Scripting (XSS) reflejada debido a una sanitización de entrada inadecuada. Un atacante remoto autenticado puede ejecutar código JavaScript arbitrario en la interfaz de administración web.

29 Feb 2024, 01:44

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 01:44

Updated : 2024-11-21 09:01


NVD link : CVE-2024-25831

Mitre link : CVE-2024-25831

CVE.ORG link : CVE-2024-25831


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')