CVE-2024-37178

MEDIUM Year: 2024
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can exploit resources beyond the vulnerable component. On successful exploitation, an attacker can cause limited impact to confidentiality of the application.

Related Vulnerabilities

CVE-2017-18783

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1....

CWE-792017

CVE-2017-18784

MEDIUM
CVSS:5.0(Medium)

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0...

CWE-792017

CVE-2019-1677

MEDIUM
CVSS:5.0(Medium)

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insuffi...

CWE-792019

CVE-2023-5244

MEDIUM
CVSS:5.0(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CWE-792023

CVE-2024-23998

MEDIUM
CVSS:5.0(Medium)

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.

CWE-792024

CVE-2024-31574

MEDIUM
CVSS:5.0(Medium)

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script

CWE-792024