Vulnerability Description
Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.
Related Weaknesses (CWE)
References
- https://docs.pingidentity.com/pingfederate/12.1/release_notes/pf_release_notes.h
- https://www.pingidentity.com/en/resources/downloads/pingfederate.html
FAQ
What is CVE-2024-25573?
CVE-2024-25573 is a documented vulnerability. Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.
How severe is CVE-2024-25573?
CVSS scoring is not yet available for CVE-2024-25573. Check NVD for updates.
Is there a patch for CVE-2024-25573?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.