CVE-2024-2072

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Mar 1, 2024
Updated: Jan 2, 2025
CWE ID 78

Summary

CVE-2024-2572 is a newly disclosed vulnerability affecting the SourceCodester Flashcard Quiz App 1.0. This issue lies in the /endpoint/update-flashcard.php file and is classified as problematic. attackers can exploit this cross-site scripting (XSS) flaw by manipulating the question/answer argument. The vulnerability can be exploited remotely, allowing attackers to inject malicious scripts into unsuspecting users' browsers. The exploit for this vulnerability (VDB-255387) has been made public, increasing the risk of attacks. Users are strongly encouraged to update their applications as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share