CVE-2024-2595
CVSS 3.1 Score 8.0 of 10 (high)
Details
Published Mar 18, 2024
CWE ID 1288
Summary
CVE-2024-2595 is a Cross-Site Scripting (XSS) vulnerability affecting AMSS++ version 4.31. The issue lies in the insufficient encoding of user-controlled input, specifically in the 'b_id' parameter located in /amssplus/modules/book/main/bookdetail_khet_person.php. An attacker could exploit this flaw by crafting a malicious URL and sending it to an authenticated user. Successful exploitation could result in the theft of the victim's session cookie credentials, granting the attacker unauthorized access to the affected system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share