CVE-2024-48933
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-48933 is a cross-site scripting (XSS) vulnerability in LemonLDAP::NG versions prior to 2.19.3. The login page reflects the submitted username into its HTML, and in configurations that permit special HTML characters in usernames a remote attacker can supply a username containing markup or script that is rendered unescaped. The injected script runs in the victim's browser in the origin of the LemonLDAP::NG portal, so a successful attack can expose or manipulate data the user handles in that session (for example, what is entered on the login page). Exploitation requires user interaction (the victim must reach the login page with the attacker-controlled username), which is reflected in the CVSS 3.1 base score of 6.1 (medium) with an exploitability sub-score of 2.8.

To remediate, update LemonLDAP::NG to version 2.19.3 or later, as recommended in the OW2 issue tracking link referenced for this CVE. As defence in depth, keep the configuration from accepting special HTML characters in usernames (or validate usernames against a strict allow-list) and confirm that every place the username is echoed into HTML escapes it.
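The following is an added example, not LemonLDAP::NG's own code: it models the pattern the advisory describes (a login page echoing the username into HTML), shows the unescaped rendering beside the escaped one, and gives a check a practitioner can run against a captured page to tell whether injected markup was interpreted as markup. The template text, the canary tag name and the version-comparison helper are constructed for this example; the real portal template is not reproduced here.

```python
"""Added example (not LemonLDAP::NG code): reflected-username XSS check.

Models the pattern described for CVE-2024-48933: a login page that echoes
the submitted username into HTML. Two renderers show the weak and hardened
variants, and a probe detects whether injected markup became live markup.
"""
import html
import re
from html.parser import HTMLParser

# Constructed stand-in for a login template that echoes the username twice,
# once inside an attribute and once as text. Not the real LemonLDAP::NG template.
LOGIN_TEMPLATE = (
    '<form method="post" action="/">'
    '<input type="text" name="user" value="{user}">'
    '<p>Welcome back, {user}</p>'
    '</form>'
)


def render_login_vulnerable(username: str) -> str:
    """Interpolates the username raw: any HTML in it becomes part of the page."""
    return LOGIN_TEMPLATE.format(user=username)


def render_login_fixed(username: str) -> str:
    """Escapes & < > " ' so the username can only ever be rendered as text."""
    return LOGIN_TEMPLATE.format(user=html.escape(username, quote=True))


# Harmless tag name that never appears in a legitimate page; if the parser
# reports it as an element, the username was not escaped.
CANARY_TAG = "xsscanary"
# Probe username: closes the value="" attribute, then opens a new element.
PROBE_USERNAME = f'"><{CANARY_TAG}>'


class _TagCollector(HTMLParser):
    """Collects the names of every start tag the browser-like parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def injected_markup_is_live(page: str) -> bool:
    """True if the canary was parsed as a real element, i.e. escaping is missing.

    A plain substring search would also flag the escaped page, because the
    text "xsscanary" is still present there; parsing is what distinguishes
    data from markup.
    """
    collector = _TagCollector()
    collector.feed(page)
    return CANARY_TAG in collector.tags


def is_fixed_version(version: str) -> bool:
    """Versions before 2.19.3 are affected; compares dotted numeric components."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    return parts >= (2, 19, 3)


if __name__ == "__main__":
    print("vulnerable render, canary live:",
          injected_markup_is_live(render_login_vulnerable(PROBE_USERNAME)))
    print("fixed render, canary live:",
          injected_markup_is_live(render_login_fixed(PROBE_USERNAME)))
    print("2.19.2 fixed:", is_fixed_version("2.19.2"))
    print("2.19.3 fixed:", is_fixed_version("2.19.3"))
```

The same `injected_markup_is_live` check can be fed the HTML body returned by a real login page after submitting `PROBE_USERNAME` in the username field; it only reports a finding when the canary is parsed as an element, so an installation that escapes the username (or rejects the characters at the configuration level) stays silent.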