← back
CVE-2024-37352

Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

CVSS 4.5 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the vulnerable page. The scope is unchanged, there is no loss of confidentiality. Impact to system integrity is high, impact to system availability is none.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N