Cross-Site Scripting vulnerability in Janto v4.3r11
CVE-2024-10332

6.1MEDIUM

Key Information:

Vendor: Janto
Status: Janto
Vendor: CVE Published:; 24 October 2024

Summary

A Cross-Site Scripting vulnerability has been identified in Janto v4.3r11, developed by Impronta. This security flaw allows attackers to inject and execute arbitrary JavaScript code within the context of the victim's browser by leveraging a crafted URL directed to the vulnerable endpoint, '/abonados/public/janto/main.php'. Users who click on a malicious link could be exposed to attacks aimed at stealing sensitive information or executing unintended actions within their sessions.

Affected Version(s)

Janto 4.3r11

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-...

https://impronta.es/

product

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

6h4ack