CVE-2024-50535
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 19, 2024
CWE ID 79
Summary
CVE-2024-50535 is a Cross-site Scripting (XSS) vulnerability affecting Kyle M. Brown Step by Step, a software from an unknown version up to 0.4.5. The flaw involves improper neutralization of user inputs during web page generation, making it possible for attackers to inject malicious scripts into web pages viewed by other users. This could potentially lead to unauthorized data access or manipulation, and even full account takeover. Users are advised to update to the latest version of the software as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share