CVE-2024-51635
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-51635 is a newly discovered vulnerability affecting the Garmur While Loading software version 3.0 and below. This issue combines two threats in one: a Cross-Site Request Forgery (CSRF) vulnerability and a Stored Cross-Site Scripting (XSS) flaw. A successful exploit of the CSRF weakness could lead to unintended actions being carried out on behalf of the victim, such as changing passwords or making unauthorized transactions. Meanwhile, the Stored XSS vulnerability poses a risk of injecting malicious scripts into the application, potentially leading to the theft of sensitive user data or other malicious activities. Both vulnerabilities, when exploited together, can result in significant security risks. Organizations using the impacted version of Garmur While Loading are urged to upgrade to a patched release as soon as possible to mitigate these threats.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.