CVE-2024-2634

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Mar 19, 2024
CWE ID 79

Summary

CVE-2024-2634 is a Cross-Site Scripting (XSS) vulnerability that affects Meta4 HR version 819.001.022 and earlier. The specific endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attacks through the 'lang' query parameter. An example of the attack payload is '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params='. This vulnerability has a risk score of 25 and has been rated as MEDIUM severity. The exploitability score is 2.8, and it requires user interaction. The impact on integrity and confidentiality is low, while the attack vector is through the network. It has a CVSS vector string of 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'. Remediation steps to address this vulnerability are not provided in the information available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2634 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options