CVE-2024-28734
Published 2024-03-19
Priority: P2 · 79 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:N / I:L / A:L
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.79% (75.6th percentile)
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
Detection & IOCs (extracted from sources)
path: /coda/frameset
sigma: detection on HTTP GET requests to /coda/frameset with cols parameter containing script injection
- Monitor HTTP GET requests to the /coda/frameset endpoint where the 'cols' query parameter contains HTML/script injection characters such as "> or <script> tags.
- The vulnerability is in Unit4 Financials by Coda versions prior to 2023Q4 / up to 2024Q1; flag requests from unauthenticated or low-privileged remote sources targeting this endpoint.
- The Nuclei template targets a single GET request with max-request: 1, meaning detection coverage is limited to the specific cols parameter injection pattern shown; other XSS vectors in the same application may not be covered.
- The matcher checks for the reflected payload in the body AND Content-Type text/html AND HTTP 200; WAFs or response-altering proxies may suppress the reflected payload and cause false negatives.
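The request-side detection described above, as an added example that is not from the page's sources or the referenced Nuclei template: it scans web-server access logs for GET requests to /coda/frameset whose cols value carries markup, and records the response status so that requests a WAF blocked (403) are still surfaced rather than lost as false negatives. The log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Mar/2024:10:01:02 +0000] "GET /coda/frameset?cols=20%25%2C80%25 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Mar/2024:10:01:07 +0000] "GET /coda/frameset?cols=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5310 "-" "curl/8.4.0"
198.51.100.2 - - [19/Mar/2024:10:01:09 +0000] "GET /coda/login?cols=%3Cscript%3E HTTP/1.1" 404 310 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Mar/2024:10:01:15 +0000] "GET /coda/frameset?cols=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 403 120 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers that do not belong in a frameset column list: tag delimiters, a quote
# that would close an attribute, a script tag, or an inline event handler.
INJECTION_RE = re.compile(r'<|>|"|script|\bon\w+\s*=', re.IGNORECASE)


def flag_cols_injection(log_text):
    """Return one finding per GET /coda/frameset request whose 'cols' value carries markup."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != "/coda/frameset":
            continue
        for cols in parse_qs(parts.query, keep_blank_values=True).get("cols", []):
            # parse_qs decodes once; a second unquote catches double-encoded payloads.
            value = unquote(cols)
            if INJECTION_RE.search(value):
                findings.append({
                    "src": m.group("src"),
                    "status": int(m.group("status")),
                    "cols": value,
                    # 200 means the page rendered and the payload may have been reflected;
                    # anything else (e.g. 403 from a WAF) is still worth an alert on the request side.
                    "reflected_possible": m.group("status") == "200",
                })
    return findings
```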
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
vulncheck · 6.1 MEDIUM
GHSA
GHSA-wrfj-mm2v-57mh: Cross Site Scripting vulnerability in Unit4 Financials by Coda v
ghsa_unreviewed · 2024-03-19
CVE-2024-28734 [MEDIUM] CWE-79 GHSA-wrfj-mm2v-57mh: Cross Site Scripting vulnerability in Unit4 Financials by Coda v
Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.
VulnCheck
Code Unit4 Financials Cross Site Scripting Vulnerability
vulncheck · 2024 · CVSS 6.1
CVE-2024-28734 [MEDIUM] Code Unit4 Financials Cross Site Scripting Vulnerability
Code Unit4 Financials Cross Site Scripting Vulnerability
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
Affected: Coda Unit4 Financials
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-04-27&host_type=src&vulnerability=cve-2024-28734; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-05-08&host_type=src&vulnerability=cve-2024-28734; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024
No detection rules found.
Nuclei
Coda v.2024Q1 - Cross-Site Scripting
nuclei · CVSS 6.1
CVE-2024-28734 [MEDIUM] Coda v.2024Q1 - Cross-Site Scripting
Coda v.2024Q1 - Cross-Site Scripting
Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.
Template:

```yaml
id: CVE-2024-28734
info:
  name: Coda v.2024Q1 - Cross-Site Scripting
  author: s4e-io
  severity: medium
  description: |
    Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.
  impact: |
    Attackers can inject malicious scripts that execute in users' browsers, potentially stealing credentials or performing unauthorized actions.
  remediation: |
    Update Coda to version 2024Q2 or later that addresses the XSS vulnerability.
  reference:
    - https://packetstormsecurity.com/files/177619/Finan
```
References:
- https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html
- https://www.unit4.com/
- https://www.unit4.com/products/financial-management-software
Published 2024-03-19 · Exploited in the wild