CVE-2023-24724

Published: Apr 3, 2023

Modified: Feb 18, 2025

PUBLISHED

Description

A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://owasp.org/www-community/attacks/xss/

https://medium.com/%40williamamorim256/stored-xss-vulnerability-discovered-in-sas-9-4-admin-console-5680e9e4062c

https://support.sas.com/kb/55/539.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-24724

Description

Affected Products

References