CVE-2024-51652

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024

CWE ID 352

Summary

CVE-2024-51652 is a newly discovered vulnerability affecting the Skip To: software version 2.0.0 and below. This issue combines a Cross-Site Request Forgery (CSRF) and Stored XSS (Cross-Site Scripting) vulnerability. An attacker can exploit the CSRF vulnerability to execute malicious scripts on a victim's browser via a crafted web page. The Stored XSS vulnerability allows the attacker to inject and store malicious scripts in the application, which are then executed whenever the vulnerable page is accessed by an unsuspecting user. The consequences of these vulnerabilities can lead to unauthorized data access, account takeover, and potentially more severe attacks. It is crucial for users to apply the necessary patches or updates to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database