CVE-2024-51641

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51636 is a newly identified vulnerability that affects the Z.com social connection feature developed by GMO. This issue combines two serious threats: Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The CSRF vulnerability allows an attacker to manipulate a user's session, while the XSS component introduces the potential for code injection. The flaw is present in GMO Social Connection versions from n/a through 1.2, posing a significant risk to users who rely on this service.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share