Back to KEVs

CVE-2024-28734

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 08, 2024
Published Date
March 19, 2024
Last Updated
August 02, 2024
Vendor
n/a
Product
n/a
Description
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

EPSS Score

Score
8.36% (Percentile: 91.81%) as of 2025-05-20

SSVC Information

Exploitation
poc
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2025-05-15 00:00:00 UTC) Source

References

https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html https://www.unit4.com/ https://www.unit4.com/products/financial-management-software

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-28734.yaml 2025-04-26 00:00:00 UTC