CVE-2024-21984

MEDIUM Year: 2024
CVSS v3 Score
6.9
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.

Related Vulnerabilities

CVE-2015-6005

MEDIUM
CVSS:6.9(Medium)

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap mess...

CWE-792015

CVE-2019-11999

MEDIUM
CVSS:6.9(Medium)

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates a...

CWE-792019

CVE-2020-8493

MEDIUM
CVSS:6.9(Medium)

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions...

CWE-792020

CVE-2020-8496

MEDIUM
CVSS:6.9(Medium)

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as a...

CWE-792020

CVE-2021-33691

MEDIUM
CVSS:6.9(Medium)

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructu...

CWE-792021

CVE-2022-0967

MEDIUM
CVSS:6.9(Medium)

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.

CWE-792022