Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
References
| Link | Resource |
|---|---|
| https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md | Exploit Third Party Advisory |
| https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md | Exploit Third Party Advisory |
Configurations
History
17 Sep 2025, 20:24
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:bonitasoft:bonita_web:-:*:*:*:*:*:*:* | |
| References | () https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md - Exploit, Third Party Advisory | |
| First Time |
Bonitasoft
Bonitasoft bonita Web |
21 Nov 2024, 09:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md - |
15 Aug 2024, 21:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
28 Feb 2024, 14:06
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
27 Feb 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-02-27 22:15
Updated : 2025-09-17 20:24
NVD link : CVE-2024-26542
Mitre link : CVE-2024-26542
CVE.ORG link : CVE-2024-26542
JSON object : View
Products Affected
bonitasoft
- bonita_web
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')