ByteOS Network

NVD Vulnerability Details :

CVE-2024-4424

Deferred

Source-cvd@cert.pl

Published At-14 May, 2024 | 15:43

Updated At-15 Apr, 2026 | 00:35

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	cvd@cert.pl

CWE ID: CWE-79

Type: Secondary

Source: cvd@cert.pl

References

Hyperlink	Source	Resource
http://cemi.pl/	cvd@cert.pl	N/A
https://cert.pl/en/posts/2024/05/CVE-2024-4423/	cvd@cert.pl	N/A
https://cert.pl/posts/2024/05/CVE-2024-4423/	cvd@cert.pl	N/A
http://cemi.pl/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://cert.pl/en/posts/2024/05/CVE-2024-4423/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://cert.pl/posts/2024/05/CVE-2024-4423/	af854a3a-2127-422b-91ae-364da2661108	N/A