CVE-2024-9572

Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.
Configurations

Configuration 1 (hide)

cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*

History

08 Oct 2024, 18:45

Type Values Removed Values Added
CPE cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*
Summary
  • (es) Vulnerabilidad de cross-site scripting (XSS) en SOPlanning &lt;1.45, debido a la falta de una validación adecuada de la entrada del usuario a través de /soplanning/www/process/groupe_save.php, en el parámetro groupe_id. Esto podría permitir que un usuario remoto envíe una consulta especialmente manipulada a un usuario autenticado y robe los detalles de su sesión.
First Time Soplanning soplanning
Soplanning
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-soplanning - Third Party Advisory
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 5.4

07 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 15:15

Updated : 2024-10-08 18:45


NVD link : CVE-2024-9572

Mitre link : CVE-2024-9572

CVE.ORG link : CVE-2024-9572


JSON object : View

Products Affected

soplanning

  • soplanning
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')