CVE-2024-36494
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Published Dec 12, 2024
CWE ID 79
Summary
CVE-2024-36494 is a cross-site scripting (XSS) vulnerability affecting the login page at /cgi/slogin.cgi. The issue stems from insufficient input sanitization on the -tsetup+-uuser parameter, which an attacker can exploit to inject malicious JavaScript code. If successful, the attacker can run arbitrary scripts in the browser of other users. Given that this vulnerability can only be exploited when the target user is not already logged in, it poses a significant risk for login form phishing attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share