Vulnerability on SWAL platform from GT3 Soluciones

Posted date 29/04/2024
Importance
3 - Medium
Affected Resources

SWAL version 2.0 (r2301)

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting SWAL version 2.0 (r2301) by GT3 Soluciones S.L., a software product for local administration management. The vulnerability was discovered by David Padilla Alvarado.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-4304: 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CWE-79 

Solution

The vulnerability has been fixed in the latest version.

Detail

CVE-2024-4304: A Cross-Site Scripting (XSS) vulnerability has been detected in GT3 Soluciones SWAL. It is a reflected XSS in the Titular parameter of 'Gestion Documental > Seguimiento de Expedientes > Alta de Expedientes'.
