CVE-2024-33978

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79

Summary

CVE-2024-33978 refers to a Cross-Site Scripting (XSS) vulnerability identified in E-Negosyo System version 1.0. This issue allows an attacker to craft a malicious URL and send it to a victim. Upon the victim's interaction with the URL, an attacker could potentially gain unauthorized access to the victim's session cookie details through the manipulation of the 'category' parameter in '/index.php'. This vulnerability can lead to unintended execution of malicious scripts and unauthorized information disclosure. Users are advised to update their systems as soon as a patch becomes available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share