CVSS 3.1 Score 7.1 of 10 (high)


Published Mar 18, 2024


CVE-2024-2593 is a high-severity vulnerability that affects AMSS++ version 4.31. The vulnerability allows for a Cross-Site Scripting (XSS) attack through the 'b_id' parameter in the /amssplus/modules/book/main/bookdetail_group.php endpoint. This means that an attacker can send a specially crafted URL to an authenticated user and potentially steal their session cookie credentials. The exploitability score is 2.8 out of 10, indicating a moderate level of difficulty for attackers. The base severity is rated as high with a score of 7.1 out of 10, emphasizing the potential danger this vulnerability poses to organizations using AMSS++. To remediate this vulnerability, it is recommended to update to a patched version or apply any available security patches provided by the vendor.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2593 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options