CVE-2024-54401

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54401 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability impacting Turcu Ciprian Advanced Fancybox. This issue goes beyond a typical CSRF flaw, as it also includes Stored Cross-Site Scripting (XSS) capabilities. Such a combination allows an attacker to execute unauthorized actions on a user's behalf and inject malicious scripts into web pages visited by that user. Advanced Fancybox versions from n/a through 1.1.1 are susceptible to this flaw. Users are strongly advised to update their installations as soon as a patch becomes available to mitigate the risks posed by this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KJLS_
https://www.cve.org/CVERecord?id=CVE-2024-54401
https://nvd.nist.gov/vuln/detail/CVE-2024-54401

Back to Vulnerability Database

CVE-2024-54401

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations