1. Home
  2. CVE Database
  3. CVE-2024-41640
MEDIUM · 6.1

CVE-2024-41640

Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter.

Vulnerability Description

Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-41640?

CVE-2024-41640 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter.

How severe is CVE-2024-41640?

CVE-2024-41640 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41640?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.