QwikSec

Security Database

CVE

CWE

Training

CVE-2024-2259

Published: Aug 13, 2024

Modified: Aug 13, 2024

PUBLISHED

Description

This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending a specially crafted input to the vulnerable parameter to perform reflected Cross Site Scripting (XSS) attacks on the targeted system.

Vendor	Product	Versions
Meddiff Technologies	InstaRISPACS	affected `3.0.0` affected `<=4.0.0 Build 29` affected `<=5.0.0 Build 19`

Weaknesses (CWE)

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0241

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.