CVE-2024-12346

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Dec 9, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-12346 is a recently disclosed cross-site scripting (XSS) vulnerability affecting Talentera up to version 20241128, and is classified as problematic. It is triggered by manipulating the argument "redirect_url" in an unknown part of the file "/app/control/byt_cv_manager". The attack can be initiated remotely, potentially leading to code injection and data theft. The exploit has only been confirmed to work in Mozilla Firefox, but it has been publicly disclosed, which increases the risk of exploitation. The vendor has not yet responded to reports of this issue.
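For triage while no vendor fix is available, the following added example (not part of the advisory and not vendor code) scans web access logs for requests to the affected path whose "redirect_url" value deserves review. The log format (combined log format), the heuristics and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/app/control/byt_cv_manager"  # file named in the advisory
PARAM = "redirect_url"                       # argument named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded values are inspected too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def redirect_findings(value):
    """Return the reasons a redirect_url value deserves review (empty = none)."""
    value = fully_decode(value).strip()
    findings = []
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:
        scheme, findings = "", ["unparseable URL"]
    if scheme and scheme not in ("http", "https"):
        findings.append("non-http scheme: " + scheme)
    if re.search(r"[<>\"'`]", value):
        findings.append("markup characters")
    if re.search(r"[\x00-\x1f]", value):
        findings.append("control characters")
    return findings

def scan(log_lines):
    """Return (line_number, value, findings) for flagged requests to TARGET_PATH."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if path != TARGET_PATH:
            continue  # only the endpoint named in the advisory is in scope here
        for value in parse_qs(query).get(PARAM, []):
            findings = redirect_findings(value)
            if findings:
                hits.append((number, value, findings))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from any real system
    '203.0.113.5 - - [09/Dec/2024:10:00:01 +0000] "GET /app/control/byt_cv_manager?redirect_url=%2Fdashboard HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Dec/2024:10:00:07 +0000] "GET /app/control/byt_cv_manager?redirect_url=javascript%3Avoid(0) HTTP/1.1" 200 498',
    '203.0.113.9 - - [09/Dec/2024:10:00:09 +0000] "GET /app/control/byt_cv_manager?redirect_url=%253Cb%253E HTTP/1.1" 200 498',
    '203.0.113.7 - - [09/Dec/2024:10:00:12 +0000] "GET /login?redirect_url=javascript%3Avoid(0) HTTP/1.1" 200 301',
]
```

Calling `scan(SAMPLE_LOG)` flags lines 2 and 3; a hit means the request should be reviewed, not that exploitation succeeded.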
