CVE-2024-4424

{"id": "CVE-2024-4424", "metrics": {}, "published": "2024-05-14T15:43:41.587", "references": [{"url": "http://cemi.pl/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2024/05/CVE-2024-4423/", "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/05/CVE-2024-4423/", "source": "cvd@cert.pl"}, {"url": "http://cemi.pl/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/en/posts/2024/05/CVE-2024-4423/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/05/CVE-2024-4423/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The access control in\u00a0CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.\n\n"}, {"lang": "es", "value": "El control de acceso en el software CemiPark no valida adecuadamente los datos ingresados por el usuario, lo que permite el ataque de Cross Site Scripting (XSS) almacenado. Los par\u00e1metros utilizados para ingresar datos al sistema no cuentan con la validaci\u00f3n adecuada, lo que hace posible el contrabando de c\u00f3digo HTML/JavaScript. Este c\u00f3digo se ejecutar\u00e1 en el espacio del navegador del usuario. Este problema afecta al software CemiPark: 4.5, 4.7, 5.03 y potencialmente a otros. El vendedor se neg\u00f3 a proporcionar la gama espec\u00edfica de productos afectados."}], "lastModified": "2024-11-21T09:42:48.203", "sourceIdentifier": "cvd@cert.pl"}