← Back to CVE List

CVE-2024-37343

Published: 2024-06-20T17:15Z
Last Modified: 2024-11-21T09:23Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.06. Attackers with valid tunnel credentials can pass a limited-length script to the administrative console which is then temporarily stored where an administrator using a non-default configuration could click on it while the attacker has a valid tunnel session with the server. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt