CVE-2024-29143

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 19, 2024
CWE ID 79

Summary

CVE-2024-29143 is a Cross-site Scripting (XSS) vulnerability affecting the Cozmoslabs sareiodata Passwordless Login component, version 1.1.2 and prior. The weakness lies in the improper neutralization of user inputs during web page generation. An attacker can exploit this vulnerability to inject malicious scripts into a targeted webpage, potentially stealing user credentials or executing arbitrary code. This could lead to serious security consequences including unauthorized access to user accounts. Users are advised to upgrade to a patched version of the Passwordless Login component as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share