CVE-2024-10652

6.1 MEDIUM

Published: November 01, 2024 Modified: April 15, 2026

Description

IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.twcert.org.tw/en/cp-139-8173-f8bbc-2.html

Source: twcert@cert.org.tw

https://www.twcert.org.tw/tw/cp-132-8172-a02cc-1.html

Source: twcert@cert.org.tw

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.1 / 10.0

EPSS (Exploit Probability)

0.2%

44th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs