Cross-Site Scripting Vulnerability in Inducer Relate by Vendor
CVE-2024-32405

2.6 LOW

Key Information:

Vendor: Inducer

Status
Vendor
CVE Published: 22 April 2024

What is CVE-2024-32405?

A Cross-Site Scripting (XSS) vulnerability exists in Inducer Relate prior to version 2024.1, allowing remote attackers to execute arbitrary scripts in the context of the user's browser. By crafting a malicious payload targeting the Answer field within the InlineMultiQuestion parameters on the Exam function, an attacker can escalate privileges and potentially compromise sensitive information. This vulnerability poses significant risks, particularly in environments where user input is not adequately sanitized.

CVSS V3.1

Score: 2.6
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
