CVE-2024-51648

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51648 is a newly disclosed vulnerability that affects Hands, Inc e-shops versions 1.0.3 and below. The issue combines a Cross-Site Request Forgery (CSRF) weakness with Reflected Cross-Site Scripting (XSS), allowing attackers to execute malicious scripts within a user's web browser. The CSRF weakness enables an attacker to perform unauthorized actions on behalf of a victim, while the Reflected XSS component injects malicious scripts through a targeted web page or application. The result is a significant security risk, potentially leading to sensitive data theft, session hijacking, or other malicious activities. Users are encouraged to update their e-shop software as soon as possible to mitigate this risk.
