CVE-2024-11021

MEDIUM

Vice Webopac 6-6.5.1 - Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/tw/cp-132-8219-f12d0-1.html
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/en/cp-139-8220-e75c2-2.html

Scores

CVSS v3 5.4
EPSS 0.0028
EPSS Percentile 19.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
vice/webopac 6 - 6.5.1
Published Nov 11, 2024
Tracked Since Feb 18, 2026