CVE-2024-3776

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
Configurations

No configuration.

History

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-7730-584e3-1.html - () https://www.twcert.org.tw/tw/cp-132-7730-584e3-1.html -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) El parámetro utilizado en la página de inicio de sesión de Netvision airPASS no está filtrado correctamente para la entrada del usuario. Un atacante remoto no autenticado puede insertar código JavaScript en el parámetro para ataques de cross-site scripting reflejados.

15 Apr 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 04:15

Updated : 2024-11-21 09:30


NVD link : CVE-2024-3776

Mitre link : CVE-2024-3776

CVE.ORG link : CVE-2024-3776


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')