CVE-2024-43025

MEDIUM

RWS MultiTrans <7.0.23324.2 - XSS

Title source: llm

Description

An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.

References (3)

Core 3

Core References

Release Notes

https://community.rws.com/product-groups/translation_management/multitrans/w/releases/5112/multitrans-7-releases

Third Party Advisory

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-43025

View Writeup ZIP pw:eip

Third Party Advisory

https://github.com/tomdantuma/CVE/tree/main/2024-43025

View Writeup ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0036

EPSS Percentile 58.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

rws/multitrans < 7.0.23324.2

Published Sep 18, 2024

Tracked Since Feb 18, 2026