CVE-2024-29191
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Apr 4, 2024
CWE ID 79
Summary
CVE-2024-29191 is a DOM-based cross-site scripting (XSS) vulnerability affecting versions 1.8.5 and prior of the gotortc camera streaming application. Malicious scripts can be injected through the `src` GET parameter in links on the `links.html` page, which is appended to `innerHTML` for 1-click previews. The context in which `src` is being appended makes the text insert as HTML, allowing for XSS attacks. This issue is addressed by a patch in commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2024-29191 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions