Cross-Site Scripting Vulnerability in Teixo by Teimas Global

Posted date 11/04/2024
Importance
3 - Medium
Affected Resources
  • Teixo, 1.42.42-stable version.
Description

INCIBE has coordinated the publication of a medium severity vulnerability affecting Teixo version 1.42.42-stable, a waste management software developed by Teimas Global, which has been discovered by Iker Loidi Auza.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2024-3654: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79 
Solution

Vulnerability fixed in version 1.42.48-stable, deployed on 9 January 2024. As the affected product is a SaaS, it is not currently possible to access versions where the vulnerability is still present.

Detail

CVE-2024-3654: an XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. This vulnerability could allow an attacker to send a specially crafted JavaScript payload via the "seconds" parameter in the program's URL, resulting in a possible takeover of a registered user's session.