← back
CVE-2024-11021

Grand Vice info Webopac - Stored XSS

CVSS 5.4 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N