CVE-2024-41805

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 26, 2024

Updated: Jul 29, 2024

CWE ID 79

Summary

CVE-2024-41805: Tracks, a web application used for Getting Things Done (GTD), has been identified with a reflected cross-site scripting (XSS) vulnerability. This issue affects versions prior to 2.7.1. The XSS flaw enables the execution of malicious JavaScript in a user's browser when they click on a malicious link. Attackers can exploit this vulnerability to launch phishing attacks and potentially steal user credentials. Version 2.7.1 is the patched release, and no complete workarounds have been discovered yet.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tracks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xLAvWj
https://www.cve.org/CVERecord?id=CVE-2024-41805
https://nvd.nist.gov/vuln/detail/CVE-2024-41805

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-41805

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations