CVE-2024-11995

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 29, 2024
Updated: Dec 4, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-11995 is a newly disclosed cross-site scripting (XSS) vulnerability affecting Farmacia 1.0. The weakness lies in an unidentified feature of the /pagamento.php file: manipulating the "total" argument triggers the XSS. The vulnerability can be exploited remotely, which makes it a significant security risk, and the exploit details have been made public, increasing the potential for malicious activity.
