NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product.
Fixes

Solution

The vendor has stated that WebEIP v3.0 has been released for over 15 years and is no longer supported or maintained. It is recommended to upgrade to the new WebEIP Pro product.


Workaround

No workaround given by the vendor.

History

Sat, 19 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Newtype
Newtype webeip
CPEs cpe:2.3:a:newtype:webeip:3.0:*:*:*:*:*:*:*
Vendors & Products Newtype
Newtype webeip

Tue, 15 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 15 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product.
Title NewType WebEIP v3.0 - Reflected XSS
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-10-15T15:34:43.325Z

Reserved: 2024-10-15T01:57:21.815Z

Link: CVE-2024-9969

Vulnrichment

Updated: 2024-10-15T15:34:39.894Z

NVD

Status: Analyzed

Published: 2024-10-15T04:15:04.413

Modified: 2024-10-19T00:51:02.383

Link: CVE-2024-9969

Redhat

No data.

OpenCVE Enrichment

No data.