CVE-2024-46475
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-46475 is a reflected cross-site scripting (XSS) vulnerability affecting the homepage of Metronic Admin Dashboard Template v2.0. An attacker can inject a crafted payload into the affected template's homepage; the payload is reflected back to the user's browser, where it executes as arbitrary code. Successful exploitation may result in unauthorized access to sensitive information, session hijacking, or other malicious activities, including data theft or unauthorized system access. Users are advised to update their templates or implement appropriate XSS protections to mitigate this risk.