CVE-2024-51654

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024

CWE ID 352

Summary

CVE-2024-51654 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability affecting APK.Support APK Downloader. An attacker exploiting this flaw can conduct Stored XSS (Cross-Site Scripting) attacks on unsuspecting users. Successful exploitation could lead to unauthorized actions being performed on the victim's behalf, such as account takeover or data theft. The vulnerability exists in APK Downloader versions from n/a through 1.0.0. Users are advised to update to a patched version or avoid downloading APK files using this application until a fix is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0BLJg-
https://www.cve.org/CVERecord?id=CVE-2024-51654
https://nvd.nist.gov/vuln/detail/CVE-2024-51654

Back to Vulnerability Database

CVE-2024-51654

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations