CVE-2024-51640

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51640 is a newly disclosed vulnerability that impacts the MDR Webmaster Tools, specifically versions from n/a to 1.1. This issue combines two threats: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). The CSRF vulnerability permits an attacker to execute malicious actions on behalf of an unsuspecting user, while the Stored XSS component allows an attacker to inject and execute malicious scripts on the targeted website, potentially stealing sensitive information or gaining unauthorized access. This double threat makes it crucial for users of MDR Webmaster Tools to update their software as soon as a patch becomes available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share