admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-40873.md
0xMarcio b0303abc0c Update CVE sources 2024-08-25 17:33
2024-08-25 17:33:10 +00:00

18 lines
1.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### [CVE-2024-40873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40873)
![](https://img.shields.io/static/v1?label=Product&message=Secure%20Access&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.07%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
### Description
There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrators use of the publishing UI when the administrators areediting the same management object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc
Reference in New Issue View Git Blame Copy Permalink