CVE-2024-11990

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Nov 29, 2024
CWE ID 79

Summary

CVE-2024-11990 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting SurgeMail version 78c2. An attacker can exploit it by injecting crafted JavaScript into susceptible parameters, potentially gaining unauthorized access to user sessions or stealing sensitive information. Left unaddressed, the vulnerability could have serious security consequences. Users are strongly advised to upgrade to the latest SurgeMail version or implement effective XSS protection measures to mitigate this risk.
