CVE-2024-51898

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 79

Summary

CVE-2024-51898 is a Cross-site Scripting (XSS) vulnerability affecting the Semantic Shortcode from version n/a through 1.0.1. An attacker can exploit this issue by injecting malicious code into input data, which is then improperly neutralized during web page generation. This results in stored XSS, enabling an attacker to execute arbitrary scripts in a user's browser when they view a specially crafted page. The exploitation of this vulnerability can lead to data theft, session hijacking, or other unauthorized actions. Users are advised to update to a patched version of the Semantic Shortcode to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share