.. / CVE-2024-28734

Exploit for Coda v.2024Q1 - Cross-Site Scripting (CVE-2024-28734)

Description:

Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.

Nuclei Template

View the template here CVE-2024-28734.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-28734.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-28734
https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html
http://financials.com
http://unit4.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28734