Description
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
Published: 2024-11-01
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Update to version 2.8.0.0523 or later.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-33223 IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
History

Fri, 01 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Nov 2024 10:15:00 +0000

Type Values Removed Values Added
Description IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
Title CHANGING Information Technology IDExpert - Reflected XSS
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-11-01T13:31:48.852Z

Reserved: 2024-11-01T02:36:01.192Z

Link: CVE-2024-10652

cve-icon Vulnrichment

Updated: 2024-11-01T13:31:44.828Z

cve-icon NVD

Status : Deferred

Published: 2024-11-01T10:15:04.877

Modified: 2026-06-17T06:56:07.543

Link: CVE-2024-10652

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses