CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.
References
Link Resource
https://github.com/dabaizhizhu/123/issues/4 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:finesoft_project:finesoft:*:*:*:*:*:*:*:*

History

26 Jun 2024, 17:48

Type Values Removed Values Added
References () https://github.com/dabaizhizhu/123/issues/4 - () https://github.com/dabaizhizhu/123/issues/4 - Exploit, Issue Tracking
CWE CWE-79
Summary
  • (es) Vulnerabilidad de Cross Site Scripting en Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para el parámetro login.jsp.
CPE cpe:2.3:a:finesoft_project:finesoft:*:*:*:*:*:*:*:*
First Time Finesoft Project
Finesoft Project finesoft
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

24 Jun 2024, 20:15

Type Values Removed Values Added
Summary (en) Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., LTd Finnesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. (en) Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter.

24 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-24 19:15

Updated : 2024-07-03 02:04


NVD link : CVE-2024-37679

Mitre link : CVE-2024-37679

CVE.ORG link : CVE-2024-37679


JSON object : View

Products Affected

finesoft_project

  • finesoft
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')