CVE-2024-9969

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Oct 15, 2024 / Updated: 36d ago

CVSS 5.4 / EPSS 0.05% / Medium

NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Timeline

CVE Assignment
NVD published the first details for CVE-2024-9969
Oct 15, 2024 at 4:15 AM

First Article
Feedly found the first article mentioning CVE-2024-9969.
Oct 15, 2024 at 4:24 AM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 15, 2024 at 4:24 AM

EPSS
EPSS Score was set to: 0.05% (Percentile: 14.8%)
Oct 15, 2024 at 10:16 AM

Affected Systems

Newtype/webeip

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

National Institute of Standards and Technology (.gov) - NVD - Home
CVE-2024-9968 - WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. CVE-2024-9969 - NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack.
Medium - CVE-2024-9969 - NewType WebEIP v3.0 does not properly validate...
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site...
CVE-2024-9969
Severity 3.1 (CVSS 3.1 Base Score)
CVE-2024-9969 | NewType WebEIP 3.0 cross site scripting
A vulnerability classified as problematic has been found in NewType WebEIP 3.0. Affected is an unknown function. The manipulation leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-9969. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
NewType WebEIP v3.0 - Reflected XSS
Newtype - MEDIUM - CVE-2024-9969 NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
