CVE-2024-9276

LOW

TMsoft MyAuth Gateway 3 - Cross-Site Scripting via /index.php console/nocache/cmd Argument

Title source: llm
STIX 2.1

Description

A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

Core 3
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.278658
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.278658
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.409126

Scores

CVSS v3 3.5
EPSS 0.0034
EPSS Percentile 25.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
TMsoft/MyAuth Gateway 3
Published Sep 27, 2024
Tracked Since Feb 18, 2026