CVE-2024-53620

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 79

Summary

CVE-2024-53620 is a newly identified cross-site scripting (XSS) vulnerability that affects the Article module of SPIP v4.3.3. Authenticated attackers can exploit this weakness by injecting a maliciously crafted Title parameter. Successful exploitation allows attackers to execute arbitrary web scripts or HTML code, potentially leading to data theft or unauthorized account access. Users of SPIP v4.3.3 are strongly advised to apply the forthcoming patch to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share