admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-40873.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update CVE sources 2024-08-25 17:33
2024-08-25 17:33:10 +00:00
### [CVE-2024-40873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40873)
![](https://img.shields.io/static/v1?label=Product&message=Secure%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.07%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrators use of the publishing UI when the administrators areediting the same management object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc
Reference in New Issue Copy Permalink