CVE-2024-33645
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-33645 is a Cross-site Scripting (XSS) vulnerability affecting Easy Set Favicon, versions from n/a through 1.1. The issue stems from improper input neutralization during web page generation, which enables attackers to inject malicious scripts into a victim's browser. These scripts can steal sensitive information, manipulate web pages, or even take control of user sessions. This vulnerability poses a significant risk to users who visit maliciously crafted websites. It is recommended that users update Easy Set Favicon to the latest version to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.