CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25344

Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.4%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2024-25344

Itflow » Itflow » Version: 25.01

cpe:2.3:a:itflow:itflow:25.01
Itflow » Itflow » Version: 25.01.2

cpe:2.3:a:itflow:itflow:25.01.2
Itflow » Itflow » Version: 25.01.3

cpe:2.3:a:itflow:itflow:25.01.3
Itflow » Itflow » Version: 25.02

cpe:2.3:a:itflow:itflow:25.02
Itflow » Itflow » Version: 25.02.1

cpe:2.3:a:itflow:itflow:25.02.1
Itflow » Itflow » Version: 25.02.2

cpe:2.3:a:itflow:itflow:25.02.2
Itflow » Itflow » Version: 25.02.3

cpe:2.3:a:itflow:itflow:25.02.3
Itflow » Itflow » Version: 25.02.4

cpe:2.3:a:itflow:itflow:25.02.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25344

Products

Pricing

Contact Us