CVE-2024-3125
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Apr 1, 2024
Updated: May 17, 2024
CWE ID 79
Summary
CVE-2024-3125 is a newly disclosed cross-site scripting vulnerability affecting the Alert Setup Page component of Zebra ZTC GK420d 1.0. The issue lies in the unknown code of the /settings file and can be triggered by manipulating the Address argument. This vulnerability enables remote attackers to inject malicious scripts, posing a significant security risk. Despite early disclosure to the vendor, there has been no response or patch released. This vulnerability has been assigned identifier VDB-258868.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share