Cross-Site Scripting Vulnerability in Teixo by Teimas Global
- Teixo, 1.42.42-stable version.
INCIBE has coordinated the publication of a medium severity vulnerability affecting Teixo version 1.42.42-stable, a waste management software developed by Teimas Global, which has been discovered by Iker Loidi Auza.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:
- CVE-2024-3654: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79
Vulnerability fixed in version 1.42.48-stable, deployed on 9 January 2024. As the affected product is a SaaS, it is not currently possible to access versions where the vulnerability is still present.
CVE-2024-3654: an XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session.
