VYPR
leads to cr","datePublished":"2024-01-30T05:31:05.09Z","dateModified":"2025-06-17T19:44:36.725Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2024-1029","name":"CVE-2024-1029","identifier":"CVE-2024-1029","description":"A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux\"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1029"]},"keywords":"CVE-2024-1029, Cogites eReserv, Cogites eReserv","mentions":[{"@type":"SoftwareApplication","name":"eReserv","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Cogites"}},{"@type":"SoftwareApplication","name":"eReserv","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Cogites"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2024-1029","item":"https://portal.vyprsec.ai/cves/CVE-2024-1029"}]}]}
Unrated severityNVD Advisory· Published Jan 30, 2024· Updated Jun 17, 2025

Cogites eReserv tenancyDetail.php cross site scripting

CVE-2024-1029

Description

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability.

Affected products

2
  • Cogites/eReservllm-fuzzy2 versions
    =7.7.58+ 1 more
    • (no CPE)range: =7.7.58
    • (no CPE)range: 7.7.58

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.