CVE-2024-52477

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 352

Summary

CVE-2024-52477 is a newly disclosed vulnerability affecting No-nonsense Labs' Document & Data Automation software. The issue involves a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to Stored Cross-Site Scripting (XSS) attacks. This means an attacker can inject malicious code into a user's session, potentially leading to unauthorized actions being taken or sensitive data being accessed or stolen. The vulnerability exists in versions of the software from n/a through 1.6.1, making it essential for users to apply the necessary patches as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share