CVE-2024-50637
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 6, 2024
Updated: Nov 7, 2024
CWE ID 79
Summary
CVE-2024-50637 is a newly disclosed vulnerability affecting UnoPim version 0.1.3 and older. This issue involves a Cross Site Scripting (XSS) flaw in the Create User function. Attackers can exploit this vulnerability by injecting malicious SVG code, which, when processed, allows the attacker to execute malicious scripts in the user's browser. This can ultimately lead to the theft of sensitive information, such as cookies, compromising the security of the affected system. Users are advised to update to the latest version of UnoPim to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share