CVE-2024-22854
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-22854 is a DOM-based HTML injection vulnerability discovered in the main page of Darktrace Threat Visualizer version 6.1.27 and earlier. An attacker can exploit this issue by crafting a URL and having an authenticated user visit it. The crafted URL allows an open redirect, potentially enabling attackers to redirect users to malicious websites or steal their credentials through an injected HTML form. This vulnerability poses a significant risk to organizations using the affected version of Darktrace Threat Visualizer, and immediate mitigation efforts are recommended.
Affected Products
- Darktrace Threat Visualizer
Affected Vendors
- Darktrace Ltd.