CVE-2024-29143
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-29143 is a Cross-site Scripting (XSS) vulnerability affecting the Cozmoslabs sareiodata Passwordless Login component, version 1.1.2 and prior. The weakness lies in the improper neutralization of user inputs during web page generation. An attacker can exploit this vulnerability to inject malicious scripts into a targeted webpage, potentially stealing user credentials or executing arbitrary code. This could lead to serious security consequences including unauthorized access to user accounts. Users are advised to upgrade to a patched version of the Passwordless Login component as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.