CVE-2024-45642

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-942
View all →

Vulnerability Description

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Related Vulnerabilities

CVE-2024-22348

MEDIUM
CVSS:5.3(Medium)

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitiv...

CWE-9422024

CVE-2023-23128

MEDIUM
CVSS:6.1(Medium)

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product f...

CWE-9422023

CVE-2024-21382

MEDIUM
CVSS:4.3(Medium)

Microsoft Edge for Android Information Disclosure Vulnerability

CWE-9422024

CVE-2022-34366

MEDIUM
CVSS:6.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtai...

CWE-9422022

CVE-2023-37526

MEDIUM
CVSS:6.5(Medium)

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access...

CWE-9422023

CVE-2023-45213

MEDIUM
CVSS:6.5(Medium)

A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

CWE-9422023