CVE-2024-45879

Published Nov 13, 2024

Last updated 2 days ago

Overview

Description
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.'
Source
cve@mitre.org
NVD status
Awaiting Analysis

Social media

Hype score
Not currently trending

  1. CVE-2024-45879 Persistent XSS in TOPqw Webportal's QWKalkulation File Upload Function The file upload feature in the "QWKalkulation" tool of baltic-it TOPqw Webportal version 1.35.287.1 (corrected in version 1.35... https://t.co/uzYNkZZUJo

    @VulmonFeeds

    14 Nov 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References