References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

http://cemi.pl/

https://cert.pl/en/posts/2024/05/CVE-2024-4423/

https://cert.pl/posts/2024/05/CVE-2024-4423/

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

CERT.PL CWE-79

CERT.PL http://cemi.pl/ [No types assigned]

CERT.PL https://cert.pl/en/posts/2024/05/CVE-2024-4423/ [No types assigned]

CERT.PL https://cert.pl/posts/2024/05/CVE-2024-4423/ [No types assigned]