In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code execution.
References
Configurations
No configuration.
History
30 Oct 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
28 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code execution. |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Oct 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-28 00:15
Updated : 2024-10-30 21:35
NVD link : CVE-2024-50623
Mitre link : CVE-2024-50623
CVE.ORG link : CVE-2024-50623
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')