CVE-2024-42020

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
References
Link Resource
https://www.veeam.com/kb4649 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*

History

16 Oct 2024, 13:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 5.4
References () https://www.veeam.com/kb4649 - () https://www.veeam.com/kb4649 - Vendor Advisory
First Time Veeam
Veeam one
CPE cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*
CWE CWE-79

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de cross site scripting (XSS) en los widgets Reporter que permite la inyección de HTML.

07 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-07 17:15

Updated : 2024-10-27 15:35


NVD link : CVE-2024-42020

Mitre link : CVE-2024-42020

CVE.ORG link : CVE-2024-42020


JSON object : View

Products Affected

veeam

  • one
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')