A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Wed, 16 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Veeam
Veeam one
Weaknesses CWE-79
CPEs cpe:2.3:a:veeam:one:*:*:*:*:*:*:*:*
Vendors & Products Veeam
Veeam one
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Mon, 09 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 07 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Description A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection.
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-10-27T14:31:53.241Z

Reserved: 2024-07-27T01:04:08.012Z

Link: CVE-2024-42020

cve-icon Vulnrichment

Updated: 2024-09-09T16:21:37.471Z

cve-icon NVD

Status : Modified

Published: 2024-09-07T17:15:14.127

Modified: 2024-10-27T15:35:08.650

Link: CVE-2024-42020

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.