CVE-2024-10652

Published Nov 1, 2024

Last updated 16 days ago

CVSS medium 6.1

Overview

Description
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
Source
twcert@cert.org.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

twcert@cert.org.tw
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-10652 Reflected Cross-Site Scripting in IDExpert Unauthenticat... https://t.co/5whWO6TC63 Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd

    @VulmonFeeds

    1 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-10652 IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject… https://t.co/R0S7HWYhz3

    @CVEnew

    1 Nov 2024

    415 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References