CVE-2024-36494 Information

Description

Due to missing input sanitization an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.

Reference

https://r.sec-consult.com/imageaccess https://www.imageaccess.de/?page=SupportPortal&lang=en