CVE-2024-26284
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Feb 22, 2024
Updated: Dec 31, 2024
CWE ID 79
Summary
CVE-2024-26284 is a vulnerability affecting Focus for iOS versions below 123. An attacker could exploit this issue by using a 302 redirect to execute Universal Cross-Site Scripting (UXSS) on a victim's website. This type of attack allows the attacker to inject malicious code into the victim's browser, potentially gaining unauthorized access to sensitive information or taking control of the user's account. The vulnerability is significant as it can occur even if the victim unknowingly clicks a link to the attacker's website.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Mozilla