Reflected Cross-Site Scripting Vulnerability in 2ClickPortal Software
CVE-2024-5961

Currently unrated

Key Information:

Vendor

Trol Intermedia Sp. Z O.o. Sp. K.

Status
2clickportal
Vendor
CVE Published:
14 June 2024

Badges

👾 Exploit Exists

What is CVE-2024-5961?

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

2ClickPortal 7.2.31 <= 7.6.4

References

https://cert.pl/en/posts/2024/06/CVE-2024-5961/
third-party-advisory
https://cert.pl/posts/2024/06/CVE-2024-5961/
third-party-advisory
https://2clickportal.pl/
product

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kacper Rybczyński
JSON
.