go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Grand Vice info Webopac - Stored XSS

TVN ID TVN-202411006
CVE ID CVE-2024-11021
CVSS 5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products Webopac 6, Webopac 7
Description Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
Solution Update Webopac 6 to version 6.5.1 or later
Update Webopac 7 to version 7.2.3 or later.
Credit TSAI, MING-HUNG, Shoui Tseng, WoodMan Kang (Onward Security Corporation)
Public Date 2024-11-08
Top