
Description

An HTML injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to ticket comments; once a comment is submitted, the markup is rendered in the emails sent to all users on that ticket.

PUBLISHED Reserved 2024-11-20 | Published 2024-12-04 | Updated 2024-12-04 | Assigner Gridware




MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation

CWE-80 HTML Injection

Product status

Default status: unaffected

Issuetrak 17.1: affected

Credits

Harrison Daley (finder)

References

helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

cve.org (CVE-2024-11479)

nvd.nist.gov (CVE-2024-11479)
