CVE-2024-50585
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Published Dec 11, 2024
Updated: Dec 12, 2024
CWE ID 79
Summary
CVE-2024-50585 is a vulnerability affecting the "Numerix License Server Administration System Login" page (nlslogin.jsp). This issue allows attackers to execute arbitrary JavaScript in the context of the page by sending a maliciously crafted HTTP POST request. Users visiting compromised websites or clicking on malicious links can be infected. As of now, there is no available solution from the vendor, who were unresponsive to contact attempts. It is strongly recommended to restrict access to this page and closely monitor logs to prevent potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share