Vulnerability on SWAL platform from GT3 Soluciones
Posted date 29/04/2024
Identificador
INCIBE-2024-0215
Importance
3 - Medium
Affected Resources
SWAL version 2.0 (r2301)
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting SWAL of GT3 Soluciones S.L version 2.0 (r2301), a software for local administration management, which has been discovered by David Padilla Alvarado.
This vulnerability have been assigned the following code, CVSS v3.1 base score, CVSS vector and the CWE vulnerability type of each vulnerability:
- CVE-2024-4304: 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CWE-79
Solution
The vulnerability has been solved in the latest version.
Detail
CVE-2024-4304: A Cross-Site Scripting XSS vulnerability has been detected on GT3 Soluciones SWAL. This vulnerability consists in a reflected XSS in the Titular parameter inside Gestion 'Documental > Seguimiento de Expedientes > Alta de Expedientes'.
References list
Etiquetas