{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-04T23:50:05.450","vulnerabilities":[{"cve":{"id":"CVE-2024-7124","sourceIdentifier":"cvd@cert.pl","published":"2024-11-14T15:15:09.177","lastModified":"2026-06-17T08:19:24.443","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20."},{"lang":"es","value":"La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web en el software DInGO dLibra en el parámetro 'filter' del endpoint 'indexsearch' permite un ataque de Cross Site Scripting (XSS) reflejado. Un atacante podría engañar a alguien para que use una URL manipulada, lo que hará que se ejecute un script en el navegador del usuario. Este problema afecta al software DInGO dLibra en las versiones 6.0 anteriores a la 6.3.20."}],"affected":[{"source":"cvd@cert.pl","affectedData":[{"vendor":"Poznan Supercomputing and Networking Center","product":"DInGO dLIbra","defaultStatus":"unaffected","versions":[{"version":"6.0","lessThan":"6.3.20","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"poznan_supercomputing_and_networking_center","product":"dingo_dlibra","defaultStatus":"unknown","cpes":["cpe:2.3:a:poznan_supercomputing_and_networking_center:dingo_dlibra:*:*:*:*:*:*:*:*"],"versions":[{"version":"6.0","lessThan":"6.3.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:X/U:Green","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-14T16:00:09.691686Z","id":"CVE-2024-7124","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://cert.pl/en/posts/2024/11/CVE-2024-7124/","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2024/11/CVE-2024-7124/","source":"cvd@cert.pl"},{"url":"https://dingo.psnc.pl/dlibra/","source":"cvd@cert.pl"}]}}]}