CVE-2024-21732

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 1, 2024

Updated: Jan 8, 2024

CWE ID 79

Summary

CVE-2024-21732 is a newly disclosed vulnerability affecting FlyCms, an open-source content management system. The issue lies within the permission management feature, which is exploitable through XSS (Cross-Site Scripting) attacks. An attacker can inject malicious scripts into a webpage viewed by other users, potentially stealing sensitive information or taking control of their sessions. This vulnerability poses a significant risk, particularly for websites using FlyCms and the permission management feature, and requires immediate attention and patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t_It3y
https://www.cve.org/CVERecord?id=CVE-2024-21732
https://nvd.nist.gov/vuln/detail/CVE-2024-21732

Back to Vulnerability Database

CVE-2024-21732

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations