How severe is CVE-2024-6449?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-6449?

This is classified as CWE-942, which is a common weakness in software security.

CVE-2024-6449 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.

Related Vulnerabilities

CVE-2022-34366

MEDIUM

CVSS:6.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtai...

CWE-9422022

CVE-2023-37526

MEDIUM

CVSS:6.5(Medium)

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access...

CWE-9422023

CVE-2023-45213

MEDIUM

CVSS:6.5(Medium)

A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

CWE-9422023

CVE-2023-23128

MEDIUM

CVSS:6.1(Medium)

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product f...

CWE-9422023

CVE-2023-38122

HIGH

CVSS:7.2(High)

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i...

CWE-9422023

CVE-2019-14860

HIGH

CVSS:7.4(High)

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acces...

CWE-9422019