CVE-2024-51670
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Published Nov 9, 2024
Updated: Nov 12, 2024
CWE ID 79
Summary
CVE-2024-51670 is a Cross-site Scripting (XSS) vulnerability affecting JS Help Desk, a popular help desk and support plugin. The issue stems from an improper neutralization of user inputs during web page generation. An attacker can exploit this flaw to inject malicious scripts into a targeted website, posing a risk to unsuspecting users who visit the site. The vulnerability has been identified in JS Help Desk versions from n/a to 2.8.7, making it essential for users to update their installations as soon as a patch is released.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share