Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx
This allows for injection of a malicious JavaScript code, leading to a possible information leak.
Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tungstenautomation
Tungstenautomation totalagility |
|
CPEs | cpe:2.3:a:tungstenautomation:totalagility:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tungstenautomation
Tungstenautomation totalagility |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx This allows for injection of a malicious JavaScript code, leading to a possible information leak. Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. | |
Title | XSS in Tungsten Automation TotalAgility | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-PL
Published: 2024-12-06T20:55:11.944Z
Updated: 2024-12-10T14:44:28.209Z
Reserved: 2024-08-16T11:43:41.671Z
Link: CVE-2024-7875
Vulnrichment
Updated: 2024-12-10T14:42:08.289Z
NVD
Status : Received
Published: 2024-12-06T21:15:09.613
Modified: 2024-12-06T21:15:09.613
Link: CVE-2024-7875
Redhat
No data.