CVE-2024-33645

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Apr 29, 2024
CWE ID 79

Summary

CVE-2024-33645 is a Cross-site Scripting (XSS) vulnerability affecting Easy Set Favicon, versions from n/a through 1.1. The issue stems from improper input neutralization during web page generation, which enables attackers to inject malicious scripts into a victim's browser. These scripts can steal sensitive information, manipulate web pages, or even take control of user sessions. This vulnerability poses a significant risk to users who visit maliciously crafted websites. It is recommended that users update Easy Set Favicon to the latest version to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share