CVE-2024-7875: XSS in Tungsten Automation TotalAgility

Q: What is the severity of CVE-2024-7875?

CVE-2024-7875 is considered a medium severity vulnerability due to its potential for reflected XSS attacks.

Q: How do I fix CVE-2024-7875?

To fix CVE-2024-7875, upgrade Kofax TotalAgility to version 7.9.0.26.0.955 or later.

Q: What does CVE-2024-7875 affect?

CVE-2024-7875 affects Kofax TotalAgility versions up to and including 7.9.0.25.0.954.

Q: What kind of attack is associated with CVE-2024-7875?

CVE-2024-7875 is associated with reflected cross-site scripting (XSS) attacks.

Q: What parameter manipulation is involved in CVE-2024-7875?

CVE-2024-7875 involves the manipulation of the mfpScreenResolutionWidth parameter in a specific endpoint.

Published Dec 6, 2024

Updated

Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx This allows for injection of a malicious JavaScript code, leading to a possible information leak. Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack.

Affected Software

1 affected component

Kofax TotalAgility<=7.9.0.25.0.954

Event History

Dec 6, 2024

CVE Published

via MITRE·08:55 PM

Data Sourced

via MITRE·08:55 PM

DescriptionWeakness

Data Sourced

via NVD·09:15 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2024-7875?

CVE-2024-7875 is considered a medium severity vulnerability due to its potential for reflected XSS attacks.

How do I fix CVE-2024-7875?

To fix CVE-2024-7875, upgrade Kofax TotalAgility to version 7.9.0.26.0.955 or later.

What does CVE-2024-7875 affect?

CVE-2024-7875 affects Kofax TotalAgility versions up to and including 7.9.0.25.0.954.

What kind of attack is associated with CVE-2024-7875?

CVE-2024-7875 is associated with reflected cross-site scripting (XSS) attacks.

What parameter manipulation is involved in CVE-2024-7875?

CVE-2024-7875 involves the manipulation of the mfpScreenResolutionWidth parameter in a specific endpoint.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.