CVE-2024-48933

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 9, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-48933 is a cross-site scripting (XSS) vulnerability in LemonLDAP::NG versions prior to 2.19.3. When the configuration permits special HTML characters in usernames, a remote attacker can inject arbitrary web script or HTML into the login page through a user-controlled username. The record also lists affected products under identifiers such as hzFSIF, aovnCQ and r6Wi3g, among others. Successful exploitation requires user interaction and can lead to unauthorized access to and manipulation of user data; the issue is rated medium severity with an exploitability score of 2.8. To remediate, organizations should update LemonLDAP::NG to version 2.19.3 or later, as recommended in the OW2 issue tracker entry linked from this record. Maintaining secure configurations and limiting the use of special characters in usernames further reduce the risk.
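The two mitigations named above (escaping whatever is echoed into the login page, and restricting which characters a username may contain) are shown below as an added illustration. This is not LemonLDAP::NG code (the project is written in Perl; this example is Python), and the markup fragment, the allowlist pattern and the sample usernames are assumptions constructed for the example.

```python
import html
import re

# Constructed sample usernames for the demonstration; the last one carries
# HTML metacharacters of the kind the advisory says must not reach the page raw.
SAMPLE_USERNAMES = ["alice", "bob.smith", 'eve"<b>x</b>']

# Hypothetical allowlist policy: letters, digits, dot, underscore, hyphen and
# at-sign only, at most 64 characters. Real deployments choose their own.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def username_is_allowed(username: str) -> bool:
    """Configuration-side mitigation: reject usernames containing HTML-special characters."""
    return USERNAME_RE.fullmatch(username) is not None


def render_login_unsafe(username: str) -> str:
    """The pattern the advisory describes: the submitted username is echoed
    into the login form verbatim, so '"' closes the attribute and '<' opens a tag."""
    return f'<input type="text" name="user" value="{username}">'


def render_login_safe(username: str) -> str:
    """Hardened form: HTML-escape the value (including quotes) before inserting it
    into an attribute, so the browser sees text, not markup."""
    return f'<input type="text" name="user" value="{html.escape(username, quote=True)}">'


def echoes_raw_markup(rendered: str) -> bool:
    """Detection helper: true if the rendered attribute still contains an unescaped
    '<', '>' or '"' inside the value, i.e. the page would interpret user input as markup."""
    value = rendered.split('value="', 1)[1].rsplit('">', 1)[0]
    return any(ch in value for ch in '<>"')


def evaluate(usernames=SAMPLE_USERNAMES) -> dict:
    """Run each sample through policy check, unsafe rendering and safe rendering."""
    return {
        u: {
            "allowed": username_is_allowed(u),
            "unsafe_leaks_markup": echoes_raw_markup(render_login_unsafe(u)),
            "safe_leaks_markup": echoes_raw_markup(render_login_safe(u)),
        }
        for u in usernames
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(repr(name), result)
```

Escaping at the point of output is the primary fix; the allowlist is the defence-in-depth the advisory mentions, useful because it also stops hostile usernames from being stored and re-rendered elsewhere.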

