CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37680
https://notcve.org/view.php?id=CVE-2024-37680
24 Jun 2024 — Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the URL:weburl. Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 se ve afectado por Cross Site Scripting (XSS) que permite a atacantes remotos ejecutar código arbitrario. • https://github.com/dabaizhizhu/123/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37679
https://notcve.org/view.php?id=CVE-2024-37679
24 Jun 2024 — Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp parameter. Vulnerabilidad de Cross Site Scripting en Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para el parámetro login.jsp. • https://github.com/dabaizhizhu/123/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •