Metrics
Affected Vendors & Products
Solution
The vendor has stated that WebEIP v3.0 has been released for over 15 years and is no longer supported or maintained. It is recommended to upgrade to the new WebEIP Pro product.
Workaround
No workaround given by the vendor.
Sat, 19 Oct 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Newtype
Newtype webeip |
|
CPEs | cpe:2.3:a:newtype:webeip:3.0:*:*:*:*:*:*:* | |
Vendors & Products |
Newtype
Newtype webeip |
Tue, 15 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Oct 2024 03:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product. | |
Title | NewType WebEIP v3.0 - Reflected XSS | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: twcert
Published:
Updated: 2024-10-15T15:34:43.325Z
Reserved: 2024-10-15T01:57:21.815Z
Link: CVE-2024-9969

Updated: 2024-10-15T15:34:39.894Z

Status : Analyzed
Published: 2024-10-15T04:15:04.413
Modified: 2024-10-19T00:51:02.383
Link: CVE-2024-9969

No data.

No data.