CVE-2024-24928

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 12, 2024

Updated: Feb 16, 2024

CWE ID 79

Summary

CVE-2024-24928 is a Cross-site Scripting (XSS) vulnerability affecting Arunas Liuiza Content Cards. The issue lies in the improper neutralization of user input during web page generation. An attacker can exploit this vulnerability to inject and execute malicious scripts in a victim's browser, potentially stealing sensitive information or taking control of their account. This flaw affects Content Cards versions from n/a to 0.9.7. Users are urged to update their software to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uXaHY3
https://www.cve.org/CVERecord?id=CVE-2024-24928
https://nvd.nist.gov/vuln/detail/CVE-2024-24928

Back to Vulnerability Database

CVE-2024-24928

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations