CVE-2024-53617

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 2, 2024
CWE ID 639
CWE ID 79

Summary

CVE-2024-53617 is a Cross-Site Scripting (XSS) vulnerability affecting LibrePhotos prior to commit 32237. This issue allows attackers to take over any account by uploading an HTML file. The vulnerability is facilitated by an Identity Overflow (IDOR) flaw in the file upload functionality. Attackers can exploit this weakness by injecting malicious code into the HTML file, which is then executed in the context of the admin user, ultimately compromising the targeted account.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share