CVE-2024-50659

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 7, 2025

Updated: Jan 8, 2025

CWE ID 79

Summary

CVE-2024-50659 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting iPublish Media Solutions AdPortal version 3.0.39. An attacker can exploit this flaw by injecting malicious scripts into the shippingAsBilling parameter of updateuserinfo.html. Successful exploitation could lead to privilege escalation, enabling attackers to gain unauthorized access to user accounts or perform unintended actions on behalf of the affected users. This vulnerability poses a significant threat, particularly in organizational environments where iPublish Media Solutions AdPortal is utilized. It is recommended that users upgrade to the latest version or apply available patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-50659

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations