CVE-2024-5961

MEDIUM

2ClickPortal <7.6.4 - XSS

Title source: llm

Description

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

Exploits (1)

nomisec WORKING POC

by kac89 · poc

https://github.com/kac89/CVE-2024-5961

View Code ZIP pw:eip

References (3)

[Various Sources] https://cert.pl/en/posts/2024/06/CVE-2024-5961/

[Various Sources] https://cert.pl/posts/2024/06/CVE-2024-5961/

[Various Sources] https://2clickportal.pl/

Scores

CVSS v4 5.3

EPSS 0.0249

EPSS Percentile 85.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Trol InterMedia Sp. z o.o. Sp. k./2ClickPortal 7.2.31 - 7.6.4

Published Jun 14, 2024

Tracked Since Feb 18, 2026