How severe is CVE-2024-37349?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2024-37349?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-37349 - LOW Severity | CVSS 3.4

Vulnerability Description

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with other system administrator’s use of the management UI when the victim administrator edits the same management object. This vulnerability is distinct from CVE-2024-37348 and CVE-2024-37351. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.

Related Vulnerabilities

CVE-2022-4067

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2022-4069

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2023-1237

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

CWE-792023

CVE-2023-25840

LOW

CVSS:3.4(Low)

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but co...

CWE-792023

CVE-2023-36016

LOW

CVSS:3.4(Low)

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CWE-792023

CVE-2024-2171

LOW

CVSS:3.4(Low)

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacke...

CWE-792024