HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.
References
Link | Resource |
---|---|
https://cert.pl/en/posts/2024/08/CVE-2024-6449 | Third Party Advisory |
https://cert.pl/posts/2024/08/CVE-2024-6449 | Third Party Advisory |
Configurations
History
12 Sep 2024, 15:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hyperview geoportal Toolkit
Hyperview |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:hyperview:geoportal_toolkit:*:*:*:*:*:*:*:* | |
References | () https://cert.pl/en/posts/2024/08/CVE-2024-6449 - Third Party Advisory | |
References | () https://cert.pl/posts/2024/08/CVE-2024-6449 - Third Party Advisory |
06 Sep 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. |
28 Aug 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-28 12:15
Updated : 2024-09-12 15:42
NVD link : CVE-2024-6450
Mitre link : CVE-2024-6450
CVE.ORG link : CVE-2024-6450
JSON object : View
Products Affected
hyperview
- geoportal_toolkit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')