CVE-2024-6200

HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
Link Resource
https://haloitsm.com/guides/article/?kbid=2152 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*

History

29 Aug 2024, 17:53

Type Values Removed Values Added
First Time Haloservicesolutions haloitsm
Haloservicesolutions
CVSS v2 : unknown
v3 : 8.0
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*
References () https://haloitsm.com/guides/article/?kbid=2152 - () https://haloitsm.com/guides/article/?kbid=2152 - Vendor Advisory

06 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. El código JavaScript inyectado puede ejecutar acciones arbitrarias en nombre del usuario que accede a un ticket. Las versiones de HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada.

06 Aug 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 06:15

Updated : 2024-08-29 17:53


NVD link : CVE-2024-6200

Mitre link : CVE-2024-6200

CVE.ORG link : CVE-2024-6200


JSON object : View

Products Affected

haloservicesolutions

  • haloitsm
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')