CVE-2024-44797

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 26, 2024
Updated: Aug 27, 2024
CWE ID 79

Summary

CVE-2024-44797 is a cross-site scripting (XSS) vulnerability affecting the /managers/enable_requests.php component of the Gazelle platform, specifically commit 63b3370. This flaw allows attackers to execute arbitrary web scripts or HTML through a crafted payload injected into the view parameter. The vulnerability has a medium severity rating with an exploitability score of 2.3, requiring low privileges and user interaction to be exploited, while presenting minimal impacts on confidentiality and integrity. To remediate this issue, organizations should apply patches or updates that address this vulnerability as recommended in related security advisories. Failure to mitigate this risk may expose organizations to potential malicious actions that could compromise user data or application functionality.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share