CVSS 3.1 Score 6.3 of 10 (medium)


Published May 27, 2024
Updated: May 28, 2024


CVE-2024-5405 is a vulnerability discovered in WinNMP 19.02, affecting the /tools/redis.php page in the k, hash, key, and p parameters. This vulnerability allows a remote user to exploit an XSS attack by submitting a specially crafted JavaScript payload. The attack can be executed by an authenticated user to retrieve their session details. The vulnerability has a base severity of MEDIUM with a CVSS score of 6.3, indicating that it poses a moderate risk to organizations. It requires user interaction but does not require any privileges. The impact on confidentiality and integrity is low, with an availability impact also being low. Remediation steps should be taken to address this vulnerability and prevent potential exploitation by malicious actors.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-5405 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options