CVE-2024-45879 Information

Description

The file upload function in the \QWKalkulation\ tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291) in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability an attacker has to be authenticated to the application that uses the \TOPqw Webportal\ as a software. When authenticated the attacker can persistently place the malicious JavaScript code in the \QWKalkulation\ menu.'

Reference

https://cyber.wtf/2024/11/11/topqw-webportal-cves/