CVE-2024-4747

Summary

CVE-2024-4747 is a high-severity vulnerability classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) affecting Propovoice CRM versions from n/a through 1.7.6.2. The vulnerability allows for stored cross-site scripting (XSS) attacks. The exploitability score for this vulnerability is 2.8 out of 10, indicating a relatively low difficulty for attackers to exploit it. The impact score is 3.7 out of 10, suggesting a moderate potential danger to organizations. The base severity score is 7.1 out of 10, classifying it as a high-risk vulnerability. The required user interaction for exploitation is "REQUIRED," and no special privileges are required. The attack vector is through the network, and the impact on integrity and confidentiality is low, while availability impact is also low. Organizations using Propovoice CRM should promptly apply the necessary patches or updates to remediate this vulnerability and reduce the risk of XSS attacks on their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.