CVE-2024-43155
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 79
Summary
CVE-2024-43155 is a newly disclosed Cross-site Scripting (XSS) vulnerability affecting PickPlugins ComboBlocks. The flaw, which permits Stored XSS attacks, exists in the input neutralization process during web page generation. This issue poses a significant security risk as an attacker can inject malicious code into a web page viewed by other users. The vulnerability affects ComboBlocks versions from n/a through 2.2.86. It is crucial that users update to a secure version as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share