CVE-2024-54451
CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
0th
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator).
| Vendor | n/a |
| Product | n/a |
| Published | Dec 27, 2024 |
| Last Updated | Dec 28, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new medium vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a