{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:49:13.982","vulnerabilities":[{"cve":{"id":"CVE-2024-50585","sourceIdentifier":"551230f0-3615-47bd-b7cc-93e92e730bbf","published":"2024-12-11T15:15:14.920","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the \"Numerix License Server Administration System Login\" (nlslogin.jsp) page. The vulnerability can be triggered by sending a specially crafted HTTP POST request. \n\n\n\nThe vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch."},{"lang":"es","value":"Los usuarios que hagan clic en un enlace malicioso o visiten un sitio web bajo el control de un atacante pueden infectarse con código JavaScript arbitrario que se ejecuta en el contexto de la página \"Inicio de sesión del sistema de administración del servidor de licencias de Numerix\" (nlslogin.jsp). La vulnerabilidad puede activarse mediante el envío de una solicitud HTTP POST especialmente manipulada. El proveedor no respondió durante varios intentos de contactarlo a través de varios canales, por lo que no hay ninguna solución disponible. En caso de que esté utilizando este software, asegúrese de restringir el acceso y controlar los registros. Intente comunicarse con su persona de contacto para este proveedor y solicite un parche."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"551230f0-3615-47bd-b7cc-93e92e730bbf","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://r.sec-consult.com/numerix","source":"551230f0-3615-47bd-b7cc-93e92e730bbf"},{"url":"http://seclists.org/fulldisclosure/2024/Dec/4","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}