Security Advisory

CVE-2024-11986

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-13 13:46:54
Last updated 2024-12-13 20:41:28
Assigner ENISA
State PUBLISHED

Description

Improper input handling in the Host header allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, the payload executes, resulting in stored cross-site scripting (XSS).
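The flaw class described above has two control points: validating the Host header before it is logged, and HTML-encoding logged fields when the log view is built. The sketch below is an added illustration, not code from the affected product; the function names, log record layout and sample values are assumptions.

```python
import html
import re

# Hostname (letters, digits, dots, hyphens) with an optional port.
# Bracketed IPv6 literals are out of scope for this narrowed example.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::[0-9]{1,5})?")


def sanitize_host(raw):
    """Return the Host value if it is a valid host[:port], else a fixed marker."""
    if raw is not None and HOST_RE.fullmatch(raw):
        return raw.lower()
    return "invalid-host"


def log_entry(store, host, path):
    """Input side: record only a validated Host value (hypothetical log store)."""
    store.append({"host": sanitize_host(host), "path": path})


def render_row_unsafe(entry):
    """The flaw class in the description: logged values concatenated into HTML as-is."""
    return "<tr><td>" + entry["host"] + "</td><td>" + entry["path"] + "</td></tr>"


def render_row_safe(entry):
    """Output side: HTML-encode every logged field when building the admin log view."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(entry["host"], quote=True),
        html.escape(entry["path"], quote=True),
    )


# Constructed sample: a log record as it would look if the Host header
# had been stored without validation.
SAMPLE_HOST = "<script>alert(1)</script>"
RAW_RECORD = {"host": SAMPLE_HOST, "path": "/login"}

if __name__ == "__main__":
    print(render_row_unsafe(RAW_RECORD))  # markup reaches the admin's browser
    print(render_row_safe(RAW_RECORD))    # markup is displayed as inert text
    store = []
    log_entry(store, SAMPLE_HOST, "/login")
    log_entry(store, "Portal.example.com:8443", "/login")
    print(store)
```

Output encoding is the control that matters for records already in the log, since input validation only protects entries written after it is deployed.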