CVE-2024-11986
CVSS 3.1 Score 9.6 of 10 (high)
Details
Summary
CVE-2024-11986 is a newly disclosed vulnerability affecting web applications. The issue stems from improper handling of the HTTP Host header: an unauthenticated attacker can inject a payload into the web application's logs. When an administrator later views those logs through the application's standard log-viewing functionality, the stored payload is rendered and executed in the administrator's browser, resulting in Stored Cross-Site Scripting (XSS). This poses a serious risk because administrators hold elevated privileges, so a successful attack can lead to unauthorized access or data manipulation. Organizations should address this flaw promptly to prevent potential attacks.
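To make the defensive side of the flaw concrete, the following Python example (added here; not CrushFTP's code and not part of this advisory) shows a log-to-HTML rendering path with the weakness described above beside its hardened form, plus Host header validation before anything is logged; the hostnames, function names and log format are constructed assumptions.

```python
"""Host header logging: vulnerable rendering beside two defences (added example)."""
import html
import re

# Constructed allowlist: hostnames this deployment is actually served under.
ALLOWED_HOSTS = {"files.example.com", "localhost"}

# Conservative hostname grammar (RFC 1123 labels, optional :port); anything
# containing markup, quotes or whitespace cannot match.
_HOST_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*(?::\d{1,5})?$"
)


def host_header_is_valid(host: str) -> bool:
    """Accept only a syntactically valid hostname that is on the allowlist."""
    if not _HOST_RE.fullmatch(host):
        return False
    return host.split(":")[0].lower() in ALLOWED_HOSTS


def record_request(log: list, host: str, path: str) -> None:
    """Defence 1 (input side): an invalid Host header is logged as a fixed marker,
    so attacker-controlled bytes never reach the log line in the first place."""
    shown = host if host_header_is_valid(host) else "[rejected-host]"
    log.append(f"host={shown} path={path}")


def render_log_vulnerable(log: list) -> str:
    """The flaw: raw log text is concatenated straight into the admin page's HTML,
    so any markup that made it into the log runs in the administrator's browser."""
    return "<ul>" + "".join(f"<li>{line}</li>" for line in log) + "</ul>"


def render_log_hardened(log: list) -> str:
    """Defence 2 (output side): HTML-encode every entry, so markup in the log is
    displayed as inert text even for entries written before validation existed."""
    return "<ul>" + "".join(
        f"<li>{html.escape(line, quote=True)}</li>" for line in log
    ) + "</ul>"


if __name__ == "__main__":
    entries: list = []
    record_request(entries, "files.example.com", "/")
    record_request(entries, "<b>injected</b>", "/login")  # constructed hostile value
    print(render_log_hardened(entries))
```

Both defences are needed in practice: validation protects new log lines, while output encoding protects the viewer against entries that were already written.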
Affected Products
- CrushFTP