CVE-2024-52345

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 79

Summary

CVE-2024-52345 is a newly disclosed Cross-Site Scripting (XSS) vulnerability impacting Roberto Alicata's ra_qrcode library, from versions n/a through 2.1.0. Attackers can exploit this Stored XSS flaw during web page generation, injecting malicious scripts that can be executed in the context of affected users. The vulnerability poses a significant risk, as it can lead to data theft, session hijacking, and other malicious activities. It is essential for users to update their ra_qrcode installations as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share