CVE-2024-33975
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79
Summary
CVE-2024-33975 is a Cross-Site Scripting (XSS) vulnerability identified in E-Negosyo System version 1.0. An attacker can exploit this issue by injecting a malicious JavaScript payload into the 'view' parameter of the '/admin/products/index.php' page. This allows the attacker to partially hijack the authenticated user's browser session, potentially gaining access to sensitive information or taking control of their actions within the application.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share