CVE-2024-12346
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-12346 is a recently disclosed cross-site scripting (XSS) vulnerability affecting Talentera up to version 20241128. It is classified as problematic and is triggered by manipulating the argument "redirect_url" in an unknown part of the file "/app/control/byt_cv_manager". The attack can be initiated remotely, potentially leading to code injection and data theft. Although the exploit has only been confirmed to work in Mozilla Firefox, the vulnerability has been publicly disclosed, which increases the risk of exploitation. The vendor has not yet responded to reports of this issue.