Cross-Site Scripting Vulnerability in Boa Web Server
CVE-2024-47924

7.5HIGH

Key Information:

Vendor: Boa Web
Status: Boa Web
Vendor: CVE Published:; 30 December 2024

What is CVE-2024-47924?

The Boa web server is vulnerable to Cross-Site Scripting (XSS) attacks due to improper neutralization of input during web page generation. This flaw enables attackers to inject malicious scripts into web pages viewed by users, which can be executed by unsuspecting visitors. As a result, sensitive user information may be compromised, leading to potential data breaches and unauthorized access to systems. Securing web applications utilizing the Boa web server is imperative to protect against these risks.

Affected Version(s)

Boa web All versions

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2024
Vulnerability Reserved
Oct 6, 2024

Credit

Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - SOPHTIX Security LTD