CVE-2024-47140

CVSS 3.1 Score 8.7 of 10 (high)

Details

Published Jan 15, 2025

CWE ID 79

Summary

CVE-2024-47140 is a cross-site scripting (XSS) vulnerability identified in Observium CE 24.4.13528, specifically in the "add_alert_check" page. This issue allows an attacker to execute arbitrary JavaScript codes by crafting a malicious HTTP request. For the exploit to take effect, an authenticated user must click on a malicious link provided by the attacker. This vulnerability poses a significant risk, as successful exploitation could result in unauthorized access, data theft, or system manipulation. Users are advised to update to the latest version of Observium CE to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zjgxek
https://www.cve.org/CVERecord?id=CVE-2024-47140
https://nvd.nist.gov/vuln/detail/CVE-2024-47140

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-47140

CVSS 3.1 Score 8.7 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations