CVE-2024-43231
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-43231 is a newly disclosed Cross-site Scripting (XSS) vulnerability that affects Themeum Tutor LMS from versions n/a to 2.7.3. Malicious actors can exploit this Improper Neutralization of Input During Web Page Generation issue to inject and execute malicious scripts in users' browsers when they view a specially crafted webpage. This stored XSS vulnerability poses a significant threat to users, potentially leading to data theft or unauthorized account access. It is crucial that affected users upgrade to a patched version of Tutor LMS as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Tutor LMS Plugin