NewType WebEIP v3.0 Vulnerability: Remote Reflected Cross-site Scripting Attack
CVE-2024-9969

5.4MEDIUM

Key Information:

Vendor: Newtype
Status: Webeip
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-9969?

The NewType WebEIP v3.0 features a security flaw related to inadequate validation of user input, enabling remote attackers with standard privileges to inject malicious JavaScript into specific parameters. This flaw may lead to Reflected Cross-site Scripting (XSS) attacks, where the injected scripts execute in the context of the victim's browser. The affected product is no longer actively maintained, raising concerns for users regarding ongoing security updates and support. It is advisable for users to transition to an upgraded product to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WebEIP 3.0

References

https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html

third-party-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Oct 15, 2024

Newtype

What is CVE-2024-9969?

Affected Version(s)

References

CVSS V3.1

Timeline