CVE-2024-22854

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 16, 2024
Updated: Jan 13, 2025
CWE ID 601
CWE ID 79

Summary

CVE-2024-22854 is a DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer versions 6.1.27 and earlier. An attacker can exploit it by crafting a URL and getting an authenticated user to visit it. The crafted URL allows an open redirect, potentially enabling the attacker to send users to malicious websites or to steal their credentials through an injected HTML form. This vulnerability poses a significant risk to organizations using an affected version of Darktrace Threat Visualizer, and immediate mitigation efforts are recommended.


Affected Products

  • Darktrace Threat Visualizer

Affected Vendors

  • Darktrace Ltd.