CVE-2024-51654

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51654 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the APK.Support APK Downloader. Maliciously crafted requests can exploit this issue to carry out unauthorized actions on behalf of an unsuspecting user. The vulnerability also includes a Stored XSS (Cross-Site Scripting) component, posing a risk for injecting malicious scripts into web pages viewed by victims. The affected version range of APK Downloader is from n/a to 1.0.0. Users are advised to apply the necessary patches or updates to mitigate these threats.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share