go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Grand Vice info Webopac7 - Reflected XSS

TVN ID TVN-202411004
CVE ID CVE-2024-11019
CVSS 6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products Webopac 6, Webopac 7
Description Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.
Solution Update Webopac 6 to version 6.5.1 or later
Update Webopac 7 to version 7.2.3 or later.
Credit TSAI, MING-HUNG, Shoui Tseng, WoodMan Kang (Onward Security Corporation)
Public Date 2024-11-08

Links

  1. CVE-2024-11019
Top