CVE-2024-12021
HIGHCoverity < 2024.9.0 - Stored Cross-Site Scripting in Administrative Interfaces
Title source: llmDescription
Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2024-12021
Scores
CVSS v4
8.5
EPSS
0.0037
EPSS Percentile
28.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
Black Duck/Coverity
< 2024.9.0
Published
Mar 31, 2025
Tracked Since
Feb 18, 2026