CVE-2024-56882

Medium CVSS: 5.4

Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.

Vendor

Sagedpw

Product

Sage Dpw

CWE

CWE-79

Yayın Tarihi

2025-02-18 18:15:26

Güncelleme

2025-10-01 17:42:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Sage Dpw MEDIUM Sagedpw 2025

Referanslar

https://cves.at/posts/cve-cve-2024-56882/writeup/

Benzer Kayıtlar

Medium

CVE-2025-67805

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat…

Low

CVE-2025-67806

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-67807

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access in…

Medium

CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arb…

High

CVE-2025-51532

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Databa…