cvedb.io
CVE-2024-56882
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-02-18T18:15:26.830 · Last modified 2026-06-17T08:13:02.830

Summary

Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.

Affected products

sagedpw — sage_dpw

Does this affect you?

Add your gear to cvedb and we'll alert you only when sagedpw ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.