cvedb.io
CVE-2024-55064
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-03-03T22:15:36.700 · Last modified 2026-06-17T08:10:56.540

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to /proxy/ntp/change; the (7) newVcenterAddress parameter to /process_new_vcenter.

Affected products

easyvirt — dc_netscope

Does this affect you?

Add your gear to cvedb and we'll alert you only when easyvirt ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.