We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-45879



Description

The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.'

Reserved 2024-09-11 | Published 2024-11-13 | Updated 2024-11-21 | Assigner mitre

References

cyber.wtf/2024/11/11/topqw-webportal-cves/

cve.org (CVE-2024-45879)

nvd.nist.gov (CVE-2024-45879)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-45879

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.