QwikSec

Security Database

CVE

CWE

Training

CVE-2024-7124

Published: Nov 14, 2024

Modified: Nov 14, 2024

PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20.

Vendor	Product	Versions
Poznan Supercomputing and Networking Center	DInGO dLIbra	affected `6.0 - < 6.3.20`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2024/11/CVE-2024-7124/

third-party-advisory

https://cert.pl/posts/2024/11/CVE-2024-7124/

third-party-advisory

https://dingo.psnc.pl/dlibra/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.