CVE-2024-28142

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 79

Summary

CVE-2024-28142 is a cross-site scripting (XSS) vulnerability affecting a specific CGI script, "/cgi/uset.cgi" in the User Settings menu. The "File Name" page fails to sanitize user inputs, allowing attackers to inject arbitrary Javascript code using the wildcard character feature. This code is executed when the page is viewed, posing a risk to higher privileged users such as administrators. The vulnerability can be exploited even without user authentication, as only the file name parameter of the default User is protected.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share