CVE Published: 14/06/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: CERT-PL |
Vendor: Trol InterMedia Sp. z o.o. Sp. k. |
Product: 2ClickPortal Status : PUBLISHED
CVE-2024-5961 Description
Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user\'s browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.
CWE-ID: CWE-79 CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or
Cross-site Scripting
) Source: Trol InterMedia Sp. z o.o. Sp. k.
Common Attack Pattern Enumeration and Classification (CAPEC)