CVE-2024-44795
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-44795 is a cross-site scripting (XSS) vulnerability affecting the Gazelle platform, specifically in the component located at /login/disabled.php. This flaw enables attackers to execute arbitrary web scripts or HTML by injecting crafted payloads into the username parameter. The vulnerability has a medium severity rating with a base score of 6.1 and requires user interaction to exploit, indicating that an attacker must trick users into executing the malicious script. Organizations using Gazelle should remediate this issue by ensuring proper input validation and sanitization to prevent such script injections. If left unaddressed, this vulnerability could lead to unauthorized actions on behalf of users, possibly compromising sensitive information or user sessions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.