CVE-2024-6050

MEDIUM

Sokrates Sowa Opac < 4.9.10 - XSS

Title source: rule

Description

Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC software in versions from 4.0 before 4.9.10, from 5.0 before 6.2.12.

Exploits (1)

nomisec WORKING POC 1 stars

by kac89 · poc

https://github.com/kac89/CVE-2024-6050

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://cert.pl/en/posts/2024/07/CVE-2024-6050/

[Third Party Advisory] https://cert.pl/posts/2024/07/CVE-2024-6050/

Scores

CVSS v3 6.1

EPSS 0.0209

EPSS Percentile 84.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

sokrates/sowa_opac 4.0 - 4.9.10

Published Jul 01, 2024

Tracked Since Feb 18, 2026