CVE-2024-40873

LOW Year: 2024
CVSS v3 Score
3.4
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator’s use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.

Related Vulnerabilities

CVE-2022-4067

LOW
CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2022-4069

LOW
CVSS:3.4(Low)

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2023-1237

LOW
CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

CWE-792023

CVE-2023-25840

LOW
CVSS:3.4(Low)

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but co...

CWE-792023

CVE-2023-36016

LOW
CVSS:3.4(Low)

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CWE-792023

CVE-2024-2171

LOW
CVSS:3.4(Low)

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacke...

CWE-792024