NewType WebEIP v3.0 Vulnerability: Remote Reflected Cross-site Scripting Attack
CVE-2024-9969

5.4MEDIUM

Key Information:

Vendor: Newtype
Status: Webeip
Vendor: CVE Published:; 15 October 2024

Summary

The NewType WebEIP v3.0 features a security flaw related to inadequate validation of user input, enabling remote attackers with standard privileges to inject malicious JavaScript into specific parameters. This flaw may lead to Reflected Cross-site Scripting (XSS) attacks, where the injected scripts execute in the context of the victim's browser. The affected product is no longer actively maintained, raising concerns for users regarding ongoing security updates and support. It is advisable for users to transition to an upgraded product to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WebEIP 3.0

References

https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html

third-party-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 15, 2024

Collectors

NVD DatabaseMitre Database