XSS vulnerability in Idoit Pro version 28
CVE-2024-8750
6.1 MEDIUM
Key Information:
- Vendor: Synetics
- Product: Idoit Pro
- CVE Published: 12 September 2024
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Idoit Pro version 28, which can be exploited by attackers to gain unauthorized access to the session details of authenticated users. The flaw stems from a failure to properly sanitize user input for specific parameters such as id, lang, mNavID, name, pID, treeNode, type, and view. This lack of input validation compromises user data security and exposes sensitive session information to potential attackers.
Affected Version(s)
Idoit Pro 28
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Adriá Bonilla Martin
Héctor de armas