CVE-2024-36494

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 79

Summary

CVE-2024-36494 is a cross-site scripting (XSS) vulnerability affecting the login page at /cgi/slogin.cgi. The issue stems from insufficient input sanitization on the -tsetup+-uuser parameter, which an attacker can exploit to inject malicious JavaScript code. If successful, the attacker can run arbitrary scripts in the browser of other users. Given that this vulnerability can only be exploited when the target user is not already logged in, it poses a significant risk for login form phishing attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share