CVE-2024-12021

HIGH

Coverity < 2024.9.0 - Stored Cross-Site Scripting in Administrative Interfaces

Title source: llm
STIX 2.1

Description

Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting.

References (1)

Core 1

Scores

CVSS v4 8.5
EPSS 0.0037
EPSS Percentile 28.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Black Duck/Coverity < 2024.9.0
Published Mar 31, 2025
Tracked Since Feb 18, 2026