Reflected Cross-Site Scripting Vulnerability in DInGO dLibra Software
CVE-2024-7124

Currently unrated

Key Information:

Vendor

DInGO

Status
dLibra
Vendor
CVE Published:
14 November 2024

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2024-7124?

A vulnerability in DInGO dLibra software exists due to insufficient input validation in the 'filter' parameter of the 'indexsearch' endpoint. This flaw allows attackers to create malicious URLs that, when accessed by unsuspecting users, execute arbitrary scripts in the victims' browsers, potentially leading to data theft or session hijacking. The affected versions of dLibra impact systems utilizing versions prior to 6.3.20.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7124
Created by kac89

References

https://cert.pl/en/posts/2024/11/CVE-2024-7124/
https://cert.pl/posts/2024/11/CVE-2024-7124/
https://dingo.psnc.pl/dlibra/

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

JSON
.