CVE-2024-40487

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 23, 2024
CWE ID 94

Summary

CVE-2024-40487 is a newly discovered stored Cross-Site Scripting (XSS) vulnerability. This issue affects the "/view_type.php" file in the Kashipara Live Membership System v1.0. Attackers can exploit this vulnerability by injecting malicious code into the membershipType parameter. Successful exploitation allows remote attackers to execute arbitrary code on affected systems, potentially leading to serious security breaches. This vulnerability poses a significant risk to websites using the affected version of Kashipara Live Membership System and underscores the importance of timely software updates and secure coding practices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share