VYPR
Unrated severityNVD Advisory· Published Feb 18, 2025· Updated Feb 19, 2025

CVE-2024-56882

CVE-2024-56882

Description

Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sage/Sagecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <2024_12_000

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.