CVE-2024-33975

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79

Summary

CVE-2024-33975 is a Cross-Site Scripting (XSS) vulnerability identified in E-Negosyo System version 1.0. An attacker can exploit this issue by injecting a malicious JavaScript payload into the 'view' parameter of the '/admin/products/index.php' page. This allows the attacker to partially hijack the authenticated user's browser session, potentially gaining access to sensitive information or taking control of their actions within the application.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share