CVE-2024-41785

Medium CVSS 6.1

Overview

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CWE: CWE-79 Published: 2024-11-15T15:15:07.047

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: unauth_access, xss (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags