CVE-2024-52942

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Configurations

No configuration.

History

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) An issue was discovered in Veritas Enterprise Vault before version 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, which allows cross-site scripting (XSS) to be executed while viewing archived content. This could be reflected to an authenticated user without sanitization if that user executes it.

18 Nov 2024, 16:35

Type Values Removed Values Added
CWE CWE-79

18 Nov 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-18 06:15

Updated : 2024-11-18 17:11


NVD link : CVE-2024-52942

Mitre link : CVE-2024-52942

CVE.ORG link : CVE-2024-52942


Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')