CVE-2024-51423
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-10

Assigner: MITRE

Description
Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-10
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2024-51423
EUVD
EUVD-2024-54945
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
infor global_human_resources to 11.23.03.00.21 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2024-51423 is a Reflected Cross-Site Scripting (XSS) vulnerability in Infor Global HR versions v11.23.03.00.21 and earlier. It occurs because the application does not properly sanitize user input in the {class} parameter of the URL path /soap/classes/{class}/lists/_generic. When an invalid class value is provided, the server generates an error message that reflects this input without encoding or sanitization, allowing attackers to inject and execute arbitrary HTML or JavaScript code in the victim's browser. Exploitation requires the attacker to deliver a malicious URL to an authenticated user, who then triggers the script execution by accessing the URL. [1]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary scripts in the context of an authenticated user's browser. This can lead to manipulation of the user interface, theft of sensitive data such as session tokens or credentials, redirection to malicious websites, and potentially further compromise of the user's account or system. Since exploitation requires authentication, the attacker typically uses phishing or social engineering to trick users into clicking malicious links. [1]

Detection Guidance

This vulnerability can be detected by testing the URL endpoint `/soap/classes/{class}/lists/_generic` with various payloads injected into the `{class}` parameter to see if the input is reflected unsanitized in the error message. For example, you can use curl or a browser to send requests with payloads like `<img src=a onerror=alert(1)>` URL-encoded as `%3cimg%20src%3da%20onerror%3dalert(1)%3e` in place of `{class}`. Detection requires authentication, so ensure you are authenticated before testing. A sample curl command might be: `curl -b cookies.txt 'https://target/soap/classes/%3cimg%20src%3da%20onerror%3dalert(1)%3e/lists/_generic'` where `cookies.txt` contains valid session cookies. Observing a JavaScript alert or reflected payload in the response indicates the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint to only trusted users, ensuring users are aware not to click on suspicious links, and applying any available patches or updates from Infor that address this XSS vulnerability. Additionally, implement input validation and output encoding on the `{class}` parameter to prevent injection of malicious scripts. If patching is not immediately possible, consider using web application firewalls (WAF) to detect and block malicious payloads targeting this parameter. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-51423. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart