A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the
emails sent to all users on that ticket.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Dec 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket. | |
Title | Authenticated HTML Injection in Issuetrak Ticket Comment Function | |
Weaknesses | CWE-79 CWE-80 |
|
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Gridware
Published: 2024-12-04T00:23:39.944Z
Updated: 2024-12-04T14:49:43.102Z
Reserved: 2024-11-20T01:12:58.326Z
Link: CVE-2024-11479
Vulnrichment
Updated: 2024-12-04T14:49:34.599Z
NVD
Status : Received
Published: 2024-12-04T01:15:04.650
Modified: 2024-12-04T01:15:04.650
Link: CVE-2024-11479
Redhat
No data.