CVE-2024-51635

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51635 is a newly discovered vulnerability affecting Garmur While Loading versions 3.0 and below. The issue combines two weaknesses: a Cross-Site Request Forgery (CSRF) vulnerability and a Stored Cross-Site Scripting (XSS) flaw. Successful exploitation of the CSRF weakness could lead to unintended actions being carried out on behalf of the victim, such as changing passwords or making unauthorized transactions. The Stored XSS vulnerability poses a risk of malicious scripts being injected into the application, potentially leading to the theft of sensitive user data or other malicious activity. Exploited together, the two vulnerabilities can result in significant security risks. Organizations using an affected version of Garmur While Loading are urged to upgrade to a patched release as soon as possible to mitigate these threats.
