CVE-2024-2259 Vulnerability Details


CVE-2024-2259 Metadata Quick Info

CVE Published: 13/08/2024 | CVE Updated: 13/08/2024 | CVE Year: 2024
Source: CERT-In | Vendor: Meddiff Technologies | Product: InstaRISPACS
Status: PUBLISHED

CVE-2024-2259 Description

This vulnerability exists in InstaRISPACS software due to insufficient validation of user-supplied input for the loginTo parameter in the user login module of the application's web interface. A remote attacker could exploit this vulnerability by sending specially crafted input to the vulnerable parameter to perform reflected Cross-Site Scripting (XSS) attacks on the targeted system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or Cross-site Scripting)
Source: Meddiff Technologies

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-591
CAPEC Description: CAPEC-591 Reflected XSS