ByteOS Network

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. An attacker could retrieve the session details of an authenticated user.

Vendor-Adive

Product-Adive Framework

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-4337

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

View Details

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

CVSS Score-7.6||HIGH

EPSS-0.13% / 32.98%

7 Day CHG~0.00%

Published-30 Apr, 2024 | 09:33

Updated-03 Sep, 2024 | 18:16

Múltiple vulnerabilities on Adive Framework

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user.

Vendor-Adive

Product-Adive Framework

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-7989

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.33% / 55.11%

7 Day CHG~0.00%

Published-26 Jan, 2020 | 21:23