Cross-site Scripting Vulnerability in Uyumsoft ERP by Uyumsoft
CVE-2024-10539

5.5MEDIUM

Key Information:

Vendor: Uyumsoft Informatin Systems
Status: Uyumsoft Erp
Vendor: CVE Published:; 23 January 2025

Summary

A Cross-site Scripting (XSS) vulnerability exists in Uyumsoft ERP, allowing attackers to exploit improper neutralization of input during web page generation. This flaw permits the injection of invalid characters, enabling reflected XSS attacks. The vulnerability impacts versions of Uyumsoft ERP prior to Erp4.2109.166p45, potentially compromising user data and application security.

Affected Version(s)

Uyumsoft ERP 0

References

https://www.usom.gov.tr/bildirim/tr-25-0017

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Oct 30, 2024

Credit

Yusuf Kamil CAVUSOGLU

HAVELSAN Inc.