CVE-2024-6450

HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser.
References
Configurations

Configuration 1

cpe:2.3:a:hyperview:geoportal_toolkit:*:*:*:*:*:*:*:*

History

12 Sep 2024, 15:42

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Hyperview geoportal Toolkit; Hyperview |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.1 |
| CPE | | cpe:2.3:a:hyperview:geoportal_toolkit:*:*:*:*:*:*:*:* |
| References | () https://cert.pl/en/posts/2024/08/CVE-2024-6449 - | () https://cert.pl/en/posts/2024/08/CVE-2024-6449 - Third Party Advisory |
| References | () https://cert.pl/posts/2024/08/CVE-2024-6449 - | () https://cert.pl/posts/2024/08/CVE-2024-6449 - Third Party Advisory |

06 Sep 2024, 13:15

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) HyperView Geoportal Toolkit in versions prior to 8.2.4 is vulnerable to Reflected Cross-Site Scripting (XSS) attacks. An unauthenticated attacker could trick someone into using a crafted URL, which will cause a script to run in the user's browser. |
| Summary | (en) HyperView Geoportal Toolkit in versions through 8.2.4 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser. | (en) HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser. |

28 Aug 2024, 12:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-08-28 12:15

Updated : 2024-09-12 15:42


NVD link : CVE-2024-6450

Mitre link : CVE-2024-6450

CVE.ORG link : CVE-2024-6450



Products Affected

hyperview

  • geoportal_toolkit
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')