CVE-2024-45920

MEDIUM

Solvait 24.4.2 - Stored Cross-Site Scripting in Interest Feature

Title source: llm
STIX 2.1

Description

A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature.

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0032
EPSS Percentile 23.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
solvait/solvait 24.4.2
Published Sep 30, 2024
Tracked Since Feb 18, 2026