go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

CHANGING Information Technology IDExpert - Reflected XSS

TVN ID TVN-202410025
CVE ID CVE-2024-10652
CVSS 6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products IDExpert version from 2.5 to 2.8
Description IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
Solution Update to version 2.8.0.0523 or later.
Credit Lai, Yu-Jen (CHT Security)
Public Date 2024-10-31
Top