CVE-2024-39162
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-39162 is a vulnerability affecting the pyspider web crawling framework version 0.3.10 and below. The issue enables Cross-Site Scripting (XSS) attacks through the /update endpoint. This means an attacker can inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. However, it's essential to note that this vulnerability only poses a risk to installations that are no longer supported by the maintainer. To mitigate this risk, users are advised to upgrade to a newer version or consider alternative solutions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.