CVE-2024-51648
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-51648 is a newly disclosed vulnerability that affects Hands, Inc e-shops versions 1.0.3 and below. The issue combines a Cross-Site Request Forgery (CSRF) weakness with reflected Cross-Site Scripting (XSS), allowing attackers to execute malicious scripts within a user's web browser. The CSRF weakness enables an attacker to perform unauthorized actions on behalf of a victim, while the reflected XSS component injects malicious scripts through a targeted web page or application. The result is a significant security risk that can potentially lead to sensitive data theft, session hijacking, or other malicious activities. Users are encouraged to update their e-shop software as soon as possible to mitigate this risk.