CVE-2024-11304

EUVD-2024-33716
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sehutnserver_pro
𝑥
≤ 20.1.22
ADP
sehutnserver_promax
𝑥
≤ 20.1.22
ADP
sehinu-100
𝑥
≤ 20.1.22
ADP
Common Weakness Enumeration
References
https://cyberdanube.com/en/en-st-polten-uas-stored-cross-site-scripting-in-seh-utnserver-pro/index.html
http://seclists.org/fulldisclosure/2024/Nov/7