Vulnerabilities > CVE-2024-4310 - Unspecified vulnerability in Ofofonobsdev Hubbank 1.0.2

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ofofonobsdev

NVD

Published: 2024-04-29

Updated: 2025-04-23

Summary

Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.

Vulnerable Configurations

Part	Description	Count
Application	Ofofonobsdev Ofofonobsdev Hubbank 1.0.2	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank