Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://cves.at/posts/cve-cve-2024-56882/writeup/ |
![]() ![]() |
History
Wed, 01 Oct 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sagedpw
Sagedpw sage Dpw |
|
CPEs | cpe:2.3:a:sagedpw:sage_dpw:*:*:*:*:*:*:*:* | |
Vendors & Products |
Sagedpw
Sagedpw sage Dpw |
Wed, 19 Feb 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 18 Feb 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-02-19T15:01:18.753Z
Reserved: 2025-01-09T00:00:00.000Z
Link: CVE-2024-56882

Updated: 2025-02-19T14:59:35.657Z

Status : Analyzed
Published: 2025-02-18T18:15:26.830
Modified: 2025-10-01T17:42:56.573
Link: CVE-2024-56882

No data.

No data.