CVE-2024-53714

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 352

Summary

CVE-2024-53714 is a Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design's Continue Shopping From Cart feature that allows an attacker to carry out Stored Cross-Site Scripting (XSS) attacks against unsuspecting users. Arrow Design Continue Shopping From Cart is affected from version n/a up to 1.3, potentially exposing users to malicious scripts when they access the application. The CSRF attack can force users to perform unintended actions on the site, while the Stored XSS can lead to long-term persistent attacks. An attacker can exploit the vulnerability by tricking a user into clicking a specially crafted link or submitting a crafted form, compromising the user's session and injecting malicious scripts into the site that can remain active even after the user logs out.
