LG Electronics SuperSign CMS vulnerable to Cross-site Scripting (XSS)
CVE-2024-6178

6.1MEDIUM

Key Information:

Vendor: Lg Electronics
Status: Supersign Cms
Vendor: CVE Published:; 20 June 2024

🔔 Create Lg Electronics Vulnerability Alert

What is CVE-2024-6178?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.

Affected Version(s)

SuperSign CMS 4.1.3

References

https://lgsecurity.lge.com/bulletins/idproducts#updateDet...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2024
Vulnerability Reserved
Jun 19, 2024