{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T00:24:23.949","vulnerabilities":[{"cve":{"id":"CVE-2024-4424","sourceIdentifier":"cvd@cert.pl","published":"2024-05-14T15:43:41.587","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code will be executed in the user's browser space.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.\n\n"},{"lang":"es","value":"El control de acceso en el software CemiPark no valida adecuadamente los datos ingresados por el usuario, lo que permite el ataque de Cross Site Scripting (XSS) almacenado. Los parámetros utilizados para ingresar datos al sistema no cuentan con la validación adecuada, lo que hace posible el contrabando de código HTML/JavaScript. Este código se ejecutará en el espacio del navegador del usuario. Este problema afecta al software CemiPark: 4.5, 4.7, 5.03 y potencialmente a otros. El vendedor se negó a proporcionar la gama específica de productos afectados."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"http://cemi.pl/","source":"cvd@cert.pl"},{"url":"https://cert.pl/en/posts/2024/05/CVE-2024-4423/","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2024/05/CVE-2024-4423/","source":"cvd@cert.pl"},{"url":"http://cemi.pl/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert.pl/en/posts/2024/05/CVE-2024-4423/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert.pl/posts/2024/05/CVE-2024-4423/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}