CVE-2024-45986

Summary

CVE-2024-45986 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Projectworld Online Voting System 1.0. This issue arises when a malicious JavaScript payload is used during account registration. The payload is stored and later executed on the voter.php and profile.php pages whenever the account information is accessed, posing a significant risk to users who view the affected pages. Attackers can leverage this vulnerability to inject malicious scripts, potentially stealing sensitive data or taking control of user sessions. Users are advised to avoid using the vulnerable system until a patch is applied.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.