CVE-2024-6051

MEDIUM

Vercom S.A. Redlink SDK <1.13 - XSS

Title source: llm

Description

Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13.

References (2)

[Various Sources] https://cert.pl/en/posts/2024/09/CVE-2024-6051/

[Various Sources] https://cert.pl/posts/2024/09/CVE-2024-6051/

Scores

CVSS v4 4.3

EPSS 0.0004

EPSS Percentile 13.0%

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-926

Status published

Products (1)

Vercom S.A./Redlink SDK < 1.13

Published Sep 30, 2024

Tracked Since Feb 18, 2026