CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl.
References
Link Resource
https://github.com/dabaizhizhu/123/issues/5 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:finesoft_project:finesoft:*:*:*:*:*:*:*:*

History

26 Jun 2024, 17:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
Summary
  • (es) Hangzhou Meisoft Information Technology Co., Ltd. FineSoft &lt;=8.0 se ve afectado por Cross Site Scripting (XSS) que permite a atacantes remotos ejecutar código arbitrario. Ingrese cualquier cuenta y contraseña, haga clic en Iniciar sesión, la página informará un error y aparecerá un parámetro controlable en la URL: weburl.
References () https://github.com/dabaizhizhu/123/issues/5 - () https://github.com/dabaizhizhu/123/issues/5 - Exploit, Issue Tracking
First Time Finesoft Project
Finesoft Project finesoft
CPE cpe:2.3:a:finesoft_project:finesoft:*:*:*:*:*:*:*:*

24 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-24 19:15

Updated : 2024-07-03 02:04


NVD link : CVE-2024-37680

Mitre link : CVE-2024-37680

CVE.ORG link : CVE-2024-37680


JSON object : View

Products Affected

finesoft_project

  • finesoft
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')