CVE-2024-52943 Information

Description

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911 ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

Reference

https://www.veritas.com/support/en_US/security/VTS24-013