CVE-2024-12346 – Talentera byt_cv_manager cross site scripting

https://notcve.org/view.php?id=CVE-2024-12346

08 Dec 2024 — A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://cloudphoto.ro/en/OVcHC1Pb3twmFC7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •