CVE-2024-11479

CVSS

No CVSS.

HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.

References

Link	Resource
https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

Configurations

No configuration.

History

04 Dec 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 01:15

Updated : 2024-12-04 01:15

NVD link : CVE-2024-11479

Mitre link : CVE-2024-11479

CVE.ORG link : CVE-2024-11479

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

{"id": "CVE-2024-11479", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-04T01:15:04.650", "references": [{"url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the \nemails sent to all users on that ticket."}, {"lang": "es", "value": " Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n HTML en la versi\u00f3n 17.1 de Issuetrak que podr\u00eda ser activada por un usuario autenticado. Se podr\u00eda agregar marcado HTML a los comentarios de los tickets, que al enviarse se mostrar\u00e1n en los correos electr\u00f3nicos enviados a todos los usuarios de ese ticket."}], "lastModified": "2024-12-04T01:15:04.650", "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}

CVE-2024-11479

JSON object

Attach tags to CVE-2024-11479

Attach tags to `CVE-2024-11479`