Security Advisory

CVE-2024-2633

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-19 12:03:45

Last updated 2024-08-01 19:18:48

Assigner INCIBE

State PUBLISHED

Description

A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint /sitetest/english/dumpenv.jsp is vulnerable to XSS attack by lang query, i.e. /sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params.

← Browse all CVEs View on cve.org ↗