CVE-2024-51636

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
Updated: Dec 2, 2024
CWE ID 352

Summary

CVE-2024-51636 is a newly disclosed vulnerability that affects the GMO Social Connection platform, version 1.2 and below. This issue combines two serious threats - a Cross-Site Request Forgery (CSRF) vulnerability and a Cross-Site Scripting (XSS) weakness. An attacker can exploit the CSRF flaw to force a user to execute unwanted actions, while the XSS vulnerability enables the attacker to inject malicious scripts into a webpage, potentially stealing sensitive information or taking control of user sessions. The overlap of these two risks poses a significant security risk for users of GMO Social Connection.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share