CVE-2024-4754 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) …

CVE-2024-4754 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) …

Vuln ID: CVE-2024-4754

Published: 2024-06-24 09:15:10.083

Description: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.

Base Score: 5.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

24 June 2024

Categorie(s):

Tag(s):

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025