An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
References
Link | Resource |
---|---|
https://www.veritas.com/support/en_US/security/VTS24-013 |
Configurations
No configuration.
History
18 Nov 2024, 17:11
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Nov 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 |
18 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-18 06:15
Updated : 2024-11-18 17:11
NVD link : CVE-2024-52941
Mitre link : CVE-2024-52941
CVE.ORG link : CVE-2024-52941
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')