CVE-2024-4224

An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG1016DE(UN) V7_1.0.1 Build 20240628.
Configurations

No configuration.

History

21 Nov 2024, 09:42

Type Values Removed Values Added
References () https://takeonme.org/cves/CVE-2024-4224.html - () https://takeonme.org/cves/CVE-2024-4224.html -
References () https://www.tp-link.com/en/support/download/tl-sg1016de/v7/#Firmware - () https://www.tp-link.com/en/support/download/tl-sg1016de/v7/#Firmware -

01 Aug 2024, 13:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

16 Jul 2024, 13:43

Type Values Removed Values Added
Summary
  • (es) Existe un cross-site scripting (XSS) almacenado autenticado en TP-Link TL-SG1016DE que afecta la versión TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, que podría permitir a un adversario ejecutar JavaScript en el navegador de un administrador. Este problema se solucionó en TL-SG1016DE(UN) V7_1.0.1 Build 20240628.

15 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-15 21:15

Updated : 2024-11-21 09:42


NVD link : CVE-2024-4224

Mitre link : CVE-2024-4224

CVE.ORG link : CVE-2024-4224


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')