CVE-2024-36494

{"id": "CVE-2024-36494", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-12T13:15:10.160", "references": [{"url": "https://r.sec-consult.com/imageaccess", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://www.imageaccess.de/?page=SupportPortal&lang=en", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "http://seclists.org/fulldisclosure/2024/Dec/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts."}, {"lang": "es", "value": "Debido a la falta de desinfecci\u00f3n de entrada, un atacante puede realizar ataques cross-site-scripting y ejecutar c\u00f3digo JavaScript arbitrario en el navegador de otros usuarios. La p\u00e1gina de inicio de sesi\u00f3n en /cgi/slogin.cgi sufre XSS reflejado debido al filtrado de entrada incorrecto del par\u00e1metro -tsetup+-uuser, que solo se puede explotar si el usuario de destino a\u00fan no ha iniciado sesi\u00f3n, lo que lo hace ideal para intentos de phishing en el formulario de inicio de sesi\u00f3n."}], "lastModified": "2025-11-03T22:16:59.180", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}