CVE-2024-46481

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 13, 2025
CWE ID 601

Summary

CVE-2024-46481 is a newly disclosed vulnerability affecting the Venki Supravizio BPM login page. The issue permits open redirects, making it possible for attackers to manipulate URLs and redirect unsuspecting users to malicious websites. Once a user is directed to the malicious site, they are exposed to reflected Cross-Site Scripting (XSS) attacks. An attacker can exploit this vulnerability by crafting a specially designed URL and luring a victim to click on it. Upon clicking the link, the user is redirected to the attacker's malicious site, which can then execute scripts in their browser, potentially leading to information theft or system compromise.
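A server-side check that closes this class of bug (CWE-601) in a login handler, shown as an added example; it is not Venki's code and not part of the original advisory. The function name, the allowlisted host `bpm.example.test` and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"                   # assumed post-login landing page
ALLOWED_HOSTS = {"bpm.example.test"}   # constructed allowlist for the demo


def safe_redirect_target(target, allowed_hosts, default=DEFAULT_TARGET):
    """Return target if it is safe to redirect to after login, else default."""
    if not target or target != target.strip():
        return default
    # Browsers drop tabs/newlines and treat "\" as "/", so "/\host" and
    # "/<TAB>/host" both end up as the scheme-relative URL "//host".
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    # "//host" and "///host" leave the site even though they have no scheme.
    if target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to an explicitly allowed host, with no
        # userinfo. This also rejects javascript: and data: targets.
        if parts.scheme not in ("http", "https"):
            return default
        if "@" in parts.netloc or parts.hostname not in allowed_hosts:
            return default
        return target
    # Relative URL: accept only site-rooted paths.
    return target if parts.path.startswith("/") else default


if __name__ == "__main__":
    # Constructed sample values for a hypothetical redirect parameter.
    samples = [
        "/dashboard?tab=1",
        "https://bpm.example.test/home",
        "https://evil.example/",
        "//evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://bpm.example.test@evil.example/",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s, ALLOWED_HOSTS)!r}")
```

Rejected values fall back to the default landing page rather than producing an error, so a crafted login link still logs the user in but never leaves the application's own origin.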
