CVE-2024-2525

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 16, 2024
Updated: Jun 11, 2024
CWE ID 284

Summary

CVE-2024-2525 is a newly disclosed vulnerability affecting the MAGESH-K21 Online-College-Event-Hall-Reservation-System version 1.0. An unknown function in the /admin/receipt.php file has been identified as the source of the issue. The manipulation of the argument id allows for cross-site scripting attacks, which can be executed remotely. The exploit for this vulnerability has been made public, posing a significant risk. No response has been received from the vendor regarding this disclosure, and the identifier assigned to this vulnerability is VDB-256962.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share