CVE-2024-2259

MEDIUM

InstaRISPACS 3.0.0-4.0.0 Build 29 and 5.0.0 Build 19 - Reflected Cross-Site Scripting via LoginTo Parameter

Title source: llm
STIX 2.1

Description

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.

References (1)

Core 1

Scores

CVSS v4 6.4
EPSS 0.0050
EPSS Percentile 39.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (3)
Meddiff Technologies/InstaRISPACS 3.0.0
Meddiff Technologies/InstaRISPACS <=4.0.0 Build 29
Meddiff Technologies/InstaRISPACS <=5.0.0 Build 19
Published Aug 13, 2024
Tracked Since Feb 18, 2026