CVE-2024-11479: Authenticated HTML Injection in Issuetrak Ticket Comment Function
First published: Wed Dec 04 2024(Updated: )
A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.
Credit: b7efe717-a805-47cf-8e9a-921fca0ce0ce
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Issuetrak |
Remedy
Ensure the Issuetrak application is updated to version 17.2 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-11479?
CVE-2024-11479 is classified as a medium severity vulnerability due to its potential impact on user data.
How do I fix CVE-2024-11479?
To fix CVE-2024-11479, upgrade Issuetrak to a version that addresses the HTML Injection vulnerability.
Who is affected by CVE-2024-11479?
CVE-2024-11479 affects users of Issuetrak version 17.1 who can submit comments on tickets.
What kind of attacks can be executed using CVE-2024-11479?
CVE-2024-11479 can be exploited to execute HTML Injection attacks through comments, potentially leading to phishing attempts.
Is it necessary to patch CVE-2024-11479 immediately?
Yes, it is recommended to patch CVE-2024-11479 immediately to mitigate the risks associated with HTML Injection.
- agent/remedy
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/issuetrak
- canonical/issuetrak