CVE-2024-10332 | THREATINT

Description

A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/main.php”.

PUBLISHED Reserved 2024-10-24 | Published 2024-10-24 | Updated 2024-10-24 | Assigner INCIBE

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

4.3r11

affected

Credits

6h4ack finder

References

www.incibe.es/...-scripting-xss-vulnerability-janto-impronta

impronta.es/ product

cve.org (CVE-2024-10332)

nvd.nist.gov (CVE-2024-10332)

Download JSON